From 1a3f3190a287cc24fe2b7a47f420d03fba76b353 Mon Sep 17 00:00:00 2001
From: majun
Date: Wed, 18 Mar 2020 19:23:15 +0800
Subject: [PATCH] CVE-2018-15919
---
 auth.h | 1 +
 auth2-gss.c | 1 +
 auth2.c | 4 ++++
 3 files changed, 6 insertions(+)
diff --git a/auth.h b/auth.h
index 1d9cf66..51b27c7 100644
--- a/auth.h
+++ b/auth.h
@@ -60,6 +60,7 @@ struct Authctxt {
 int attempt;
 int failures;
 int server_caused_failure;
+ int server_caused_gssapi_failure;
 int force_pwchange;
 char *user; /* username sent by the client */
 char *service;
diff --git a/auth2-gss.c b/auth2-gss.c
index 764d509..9690f8a 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -153,6 +153,7 @@ userauth_gssapi(struct ssh *ssh)
 ssh_gssapi_delete_ctx(&ctxt);
 free(doid);
 authctxt->server_caused_failure = 1;
+ authctxt->server_caused_gssapi_failure = 1;
 return (0);
 }
diff --git a/auth2.c b/auth2.c
index f0b61ce..14db54a 100644
--- a/auth2.c
+++ b/auth2.c
@@ -336,6 +336,7 @@ if (options.check_user_splash)
 auth2_authctxt_reset_info(authctxt);
 authctxt->postponed = 0;
 authctxt->server_caused_failure = 0;
+ authctxt->server_caused_gssapi_failure = 0;
 /* try to authenticate user */
 m = authmethod_lookup(authctxt, method);
@@ -427,6 +428,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 if (!partial && !authctxt->server_caused_failure &&
 (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 authctxt->failures++;
+ if (!partial && authctxt->server_caused_gssapi_failure &&
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ authctxt->failures++;
 if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
 PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
-- 
1.8.3.1
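Review bot: The new `server_caused_gssapi_failure` field in struct Authctxt has no comment, and its name reads like a second "do not count this attempt" flag next to `server_caused_failure`. The auth2.c hunk uses it the other way round: when it is set, `failures` is incremented even though `server_caused_failure` is set as well. A trailing comment such as `/* GSSAPI failure that still counts toward max_authtries */` would record that intent. The struct definition starts and ends outside the hunk.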
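Review bot: The added `if` in userauth_finish repeats the whole guard of the one above it, and the two stay mutually exclusive only because the auth2-gss.c hunk sets both flags together. Any later path that sets `server_caused_gssapi_failure` without `server_caused_failure` would bump `failures` twice for one attempt and reach `options.max_authtries` early. Folding them into one test removes that dependency: `if (!partial && (!authctxt->server_caused_failure || authctxt->server_caused_gssapi_failure) && (authctxt->attempt > 1 || strcmp(method, "none") != 0)) authctxt->failures++;`. The commit subject only names CVE-2018-15919, so a one-line comment here saying the GSSAPI failure is counted on purpose would help the next reader. userauth_finish starts and ends outside the hunk.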