From ddea46f890bd5d87669f23b26d676adedaa5f610 Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Wed, 19 Sep 2018 14:12:56 +0200 Subject: [PATCH] CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT The introduced auth state allows to identify when authentication using password was tried. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki --- include/libssh/auth.h | 2 ++ src/auth.c | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/libssh/auth.h b/include/libssh/auth.h index 05754460..1fc00e20 100644 --- a/include/libssh/auth.h +++ b/include/libssh/auth.h @@ -94,6 +94,8 @@ enum ssh_auth_state_e { SSH_AUTH_STATE_PUBKEY_OFFER_SENT, /** We have sent pubkey and signature expecting to be authenticated */ SSH_AUTH_STATE_PUBKEY_AUTH_SENT, + /** We have sent a password expecting to be authenticated */ + SSH_AUTH_STATE_PASSWORD_AUTH_SENT, }; /** @internal diff --git a/src/auth.c b/src/auth.c index 964e82a6..3719b18a 100755 --- a/src/auth.c +++ b/src/auth.c @@ -87,6 +87,7 @@ static int ssh_auth_response_termination(void *user){ case SSH_AUTH_STATE_GSSAPI_MIC_SENT: case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: + case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: return 0; default: return 1; @@ -141,6 +142,7 @@ static int ssh_userauth_get_response(ssh_session session) { case SSH_AUTH_STATE_GSSAPI_MIC_SENT: case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: + case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: case SSH_AUTH_STATE_NONE: /* not reached */ rc = SSH_AUTH_ERROR; @@ -1173,7 +1175,7 @@ int ssh_userauth_password(ssh_session session, goto fail; } - session->auth_state = SSH_AUTH_STATE_NONE; + session->auth_state = SSH_AUTH_STATE_PASSWORD_AUTH_SENT; session->pending_call_state = SSH_PENDING_CALL_AUTH_OFFER_PUBKEY; rc = packet_send(session); if (rc == SSH_ERROR) {