openssh/CVE-2018-15919.patch

From 4286e434ab29c077a42d52c97e7a2e92f93fc1c3 Mon Sep 17 00:00:00 2001
From: zhuqingfu <zhuqingfu1@huawei.com>
Date: Tue, 15 Sep 2020 15:09:52 +0800
Subject: [PATCH] CVE-2018-15919

---
 auth.h      | 1 +
 auth2-gss.c | 1 +
 auth2.c     | 4 ++++
 3 files changed, 6 insertions(+)

diff --git a/auth.h b/auth.h
index c3a92df..1127fdf 100644
--- a/auth.h
+++ b/auth.h
@@ -58,6 +58,7 @@ struct Authctxt {
 	int		 attempt;
 	int		 failures;
 	int		 server_caused_failure;
+	int		 server_caused_gssapi_failure;
 	int		 force_pwchange;
 	char		*user;		/* username sent by the client */
 	char		*service;
diff --git a/auth2-gss.c b/auth2-gss.c
index 4708375..6008319 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -156,6 +156,7 @@ userauth_gssapi(struct ssh *ssh)
 			ssh_gssapi_delete_ctx(&ctxt);
 		free(doid);
 		authctxt->server_caused_failure = 1;
+		authctxt->server_caused_gssapi_failure = 1;
 		return (0);
 	}
 
diff --git a/auth2.c b/auth2.c
index 956b9cf..2c4fc97 100644
--- a/auth2.c
+++ b/auth2.c
@@ -345,6 +345,7 @@ if (options.check_user_splash)
 	auth2_authctxt_reset_info(authctxt);
 	authctxt->postponed = 0;
 	authctxt->server_caused_failure = 0;
+	authctxt->server_caused_gssapi_failure = 0;
 
 	/* try to authenticate user */
 	m = authmethod_lookup(authctxt, method);
@@ -442,6 +443,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 		if (!partial && !authctxt->server_caused_failure &&
 		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 			authctxt->failures++;
+		if (!partial && authctxt->server_caused_gssapi_failure &&
+		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+			authctxt->failures++;
 		if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
 			PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
-- 
1.8.3.1
fix CVE-2018-15919.patch Signed-off-by: liuzy518 <570407222@qq.com> 2020-09-15 16:58:49 +08:00			`From 4286e434ab29c077a42d52c97e7a2e92f93fc1c3 Mon Sep 17 00:00:00 2001`
			`From: zhuqingfu <zhuqingfu1@huawei.com>`
			`Date: Tue, 15 Sep 2020 15:09:52 +0800`
			`Subject: [PATCH] CVE-2018-15919`

			`---`
			`auth.h \| 1 +`
			`auth2-gss.c \| 1 +`
			`auth2.c \| 4 ++++`
			`3 files changed, 6 insertions(+)`

			`diff --git a/auth.h b/auth.h`
			`index c3a92df..1127fdf 100644`
			`--- a/auth.h`
			`+++ b/auth.h`
			`@@ -58,6 +58,7 @@ struct Authctxt {`
			`int attempt;`
			`int failures;`
			`int server_caused_failure;`
			`+ int server_caused_gssapi_failure;`
			`int force_pwchange;`
			`char user; / username sent by the client */`
			`char *service;`
			`diff --git a/auth2-gss.c b/auth2-gss.c`
			`index 4708375..6008319 100644`
			`--- a/auth2-gss.c`
			`+++ b/auth2-gss.c`
			`@@ -156,6 +156,7 @@ userauth_gssapi(struct ssh *ssh)`
			`ssh_gssapi_delete_ctx(&ctxt);`
			`free(doid);`
			`authctxt->server_caused_failure = 1;`
			`+ authctxt->server_caused_gssapi_failure = 1;`
			`return (0);`
			`}`

			`diff --git a/auth2.c b/auth2.c`
			`index 956b9cf..2c4fc97 100644`
			`--- a/auth2.c`
			`+++ b/auth2.c`
			`@@ -345,6 +345,7 @@ if (options.check_user_splash)`
			`auth2_authctxt_reset_info(authctxt);`
			`authctxt->postponed = 0;`
			`authctxt->server_caused_failure = 0;`
			`+ authctxt->server_caused_gssapi_failure = 0;`

			`/* try to authenticate user */`
			`m = authmethod_lookup(authctxt, method);`
			`@@ -442,6 +443,9 @@ userauth_finish(struct ssh ssh, int authenticated, const char method,`
			`if (!partial && !authctxt->server_caused_failure &&`
			`(authctxt->attempt > 1 \|\| strcmp(method, "none") != 0))`
			`authctxt->failures++;`
			`+ if (!partial && authctxt->server_caused_gssapi_failure &&`
			`+ (authctxt->attempt > 1 \|\| strcmp(method, "none") != 0))`
			`+ authctxt->failures++;`
			`if (authctxt->failures >= options.max_authtries) {`
			`#ifdef SSH_AUDIT_EVENTS`
			`PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));`
			`--`
			`1.8.3.1`