openssh/bugfix-CVE-2018-15919.patch

From 1a3f3190a287cc24fe2b7a47f420d03fba76b353 Mon Sep 17 00:00:00 2001
From: majun <majun65@huawei.com>
Date: Wed, 18 Mar 2020 19:23:15 +0800
Subject: [PATCH] CVE-2018-15919

---
 auth.h      | 1 +
 auth2-gss.c | 1 +
 auth2.c     | 4 ++++
 3 files changed, 6 insertions(+)

diff --git a/auth.h b/auth.h
index 1d9cf66..51b27c7 100644
--- a/auth.h
+++ b/auth.h
@@ -60,6 +60,7 @@ struct Authctxt {
 	int		 attempt;
 	int		 failures;
 	int		 server_caused_failure;
+	int		 server_caused_gssapi_failure;
 	int		 force_pwchange;
 	char		*user;		/* username sent by the client */
 	char		*service;
diff --git a/auth2-gss.c b/auth2-gss.c
index 764d509..9690f8a 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -153,6 +153,7 @@ userauth_gssapi(struct ssh *ssh)
 			ssh_gssapi_delete_ctx(&ctxt);
 		free(doid);
 		authctxt->server_caused_failure = 1;
+		authctxt->server_caused_gssapi_failure = 1;
 		return (0);
 	}
 
diff --git a/auth2.c b/auth2.c
index f0b61ce..14db54a 100644
--- a/auth2.c
+++ b/auth2.c
@@ -336,6 +336,7 @@ if (options.check_user_splash)
 	auth2_authctxt_reset_info(authctxt);
 	authctxt->postponed = 0;
 	authctxt->server_caused_failure = 0;
+	authctxt->server_caused_gssapi_failure = 0;
 
 	/* try to authenticate user */
 	m = authmethod_lookup(authctxt, method);
@@ -427,6 +428,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 		if (!partial && !authctxt->server_caused_failure &&
 		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 			authctxt->failures++;
+		if (!partial && authctxt->server_caused_gssapi_failure &&
+		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+			authctxt->failures++;
 		if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
 			PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
-- 
1.8.3.1
bugfixCVE-2018-15919 2020-03-18 20:05:14 +08:00			`From 1a3f3190a287cc24fe2b7a47f420d03fba76b353 Mon Sep 17 00:00:00 2001`
			`From: majun <majun65@huawei.com>`
			`Date: Wed, 18 Mar 2020 19:23:15 +0800`
			`Subject: [PATCH] CVE-2018-15919`

			`---`
			`auth.h \| 1 +`
			`auth2-gss.c \| 1 +`
			`auth2.c \| 4 ++++`
			`3 files changed, 6 insertions(+)`

			`diff --git a/auth.h b/auth.h`
			`index 1d9cf66..51b27c7 100644`
			`--- a/auth.h`
			`+++ b/auth.h`
			`@@ -60,6 +60,7 @@ struct Authctxt {`
			`int attempt;`
			`int failures;`
			`int server_caused_failure;`
			`+ int server_caused_gssapi_failure;`
			`int force_pwchange;`
			`char user; / username sent by the client */`
			`char *service;`
			`diff --git a/auth2-gss.c b/auth2-gss.c`
			`index 764d509..9690f8a 100644`
			`--- a/auth2-gss.c`
			`+++ b/auth2-gss.c`
			`@@ -153,6 +153,7 @@ userauth_gssapi(struct ssh *ssh)`
			`ssh_gssapi_delete_ctx(&ctxt);`
			`free(doid);`
			`authctxt->server_caused_failure = 1;`
			`+ authctxt->server_caused_gssapi_failure = 1;`
			`return (0);`
			`}`

			`diff --git a/auth2.c b/auth2.c`
			`index f0b61ce..14db54a 100644`
			`--- a/auth2.c`
			`+++ b/auth2.c`
			`@@ -336,6 +336,7 @@ if (options.check_user_splash)`
			`auth2_authctxt_reset_info(authctxt);`
			`authctxt->postponed = 0;`
			`authctxt->server_caused_failure = 0;`
			`+ authctxt->server_caused_gssapi_failure = 0;`

			`/* try to authenticate user */`
			`m = authmethod_lookup(authctxt, method);`
			`@@ -427,6 +428,9 @@ userauth_finish(struct ssh ssh, int authenticated, const char method,`
			`if (!partial && !authctxt->server_caused_failure &&`
			`(authctxt->attempt > 1 \|\| strcmp(method, "none") != 0))`
			`authctxt->failures++;`
			`+ if (!partial && authctxt->server_caused_gssapi_failure &&`
			`+ (authctxt->attempt > 1 \|\| strcmp(method, "none") != 0))`
			`+ authctxt->failures++;`
			`if (authctxt->failures >= options.max_authtries) {`
			`#ifdef SSH_AUDIT_EVENTS`
			`PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));`
			`--`
			`1.8.3.1`