shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 02:38:09 +09:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2018-10933: Introduce SSH_AUTH_STATE_AUTH_NONE_SENT

Browse Source 
The introduced auth state allows to identify when a request without
authentication information was sent.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
This commit is contained in:
Anderson Toshiyuki Sasaki
2018-09-19 15:55:43 +02:00
committed by Andreas Schneider
parent ddea46f890
commit acd6a1ca8a
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/libssh/auth.h
View File

@@ -96,6 +96,8 @@ enum ssh_auth_state_e {
SSH_AUTH_STATE_PUBKEY_AUTH_SENT, SSH_AUTH_STATE_PUBKEY_AUTH_SENT,
/** We have sent a password expecting to be authenticated */ /** We have sent a password expecting to be authenticated */
SSH_AUTH_STATE_PASSWORD_AUTH_SENT, SSH_AUTH_STATE_PASSWORD_AUTH_SENT,
/** We have sent a request without auth information (method 'none') */
SSH_AUTH_STATE_AUTH_NONE_SENT,
}; };
/** @internal /** @internal

4
src/auth.c
View File

@@ -88,6 +88,7 @@ static int ssh_auth_response_termination(void *user){
case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: case SSH_AUTH_STATE_PASSWORD_AUTH_SENT:
case SSH_AUTH_STATE_AUTH_NONE_SENT:
return 0; return 0;
default: default:
return 1; return 1;
@@ -143,6 +144,7 @@ static int ssh_userauth_get_response(ssh_session session) {
case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: case SSH_AUTH_STATE_PASSWORD_AUTH_SENT:
case SSH_AUTH_STATE_AUTH_NONE_SENT:
case SSH_AUTH_STATE_NONE: case SSH_AUTH_STATE_NONE:
/* not reached */ /* not reached */
rc = SSH_AUTH_ERROR; rc = SSH_AUTH_ERROR;
@@ -401,7 +403,7 @@ int ssh_userauth_none(ssh_session session, const char *username) {
goto fail; goto fail;
} }
session->auth_state = SSH_AUTH_STATE_NONE; session->auth_state = SSH_AUTH_STATE_AUTH_NONE_SENT;
session->pending_call_state = SSH_PENDING_CALL_AUTH_NONE; session->pending_call_state = SSH_PENDING_CALL_AUTH_NONE;
rc = packet_send(session); rc = packet_send(session);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {