From fcfba0d8aa15a0142e57513f271eb7fa4bbabc9a Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Mon, 10 Sep 2018 17:38:22 +0200 Subject: CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT The introduced auth state allows to identify when authentication using password was tried. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki Reviewed-by: Andreas Schneider --- include/libssh/auth.h | 2 ++ src/auth.c | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/libssh/auth.h b/include/libssh/auth.h index 8daab47d..899282c1 100644 --- a/include/libssh/auth.h +++ b/include/libssh/auth.h @@ -80,6 +80,8 @@ enum ssh_auth_state_e { SSH_AUTH_STATE_PUBKEY_OFFER_SENT, /** We have sent pubkey and signature expecting to be authenticated */ SSH_AUTH_STATE_PUBKEY_AUTH_SENT, + /** We have sent a password expecting to be authenticated */ + SSH_AUTH_STATE_PASSWORD_AUTH_SENT, }; /** @internal diff --git a/src/auth.c b/src/auth.c index 41b76aa6..2b06d2e1 100644 --- a/src/auth.c +++ b/src/auth.c @@ -87,6 +87,7 @@ static int ssh_auth_response_termination(void *user) { case SSH_AUTH_STATE_GSSAPI_MIC_SENT: case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: + case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: return 0; default: return 1; @@ -171,6 +172,7 @@ static int ssh_userauth_get_response(ssh_session session) { case SSH_AUTH_STATE_GSSAPI_MIC_SENT: case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: + case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: case SSH_AUTH_STATE_NONE: /* not reached */ rc = SSH_AUTH_ERROR; @@ -1268,7 +1270,7 @@ int ssh_userauth_password(ssh_session session, } session->auth.current_method = SSH_AUTH_METHOD_PASSWORD; - session->auth.state = SSH_AUTH_STATE_NONE; + session->auth.state = SSH_AUTH_STATE_PASSWORD_AUTH_SENT; session->pending_call_state = SSH_PENDING_CALL_AUTH_PASSWORD; rc = ssh_packet_send(session); if (rc == SSH_ERROR) { -- cgit v1.2.1