From 4286e434ab29c077a42d52c97e7a2e92f93fc1c3 Mon Sep 17 00:00:00 2001
From: zhuqingfu
Date: Tue, 15 Sep 2020 15:09:52 +0800
Subject: [PATCH] CVE-2018-15919

---
 auth.h | 1 +
 auth2-gss.c | 1 +
 auth2.c | 4 ++++
 3 files changed, 6 insertions(+)

diff --git a/auth.h b/auth.h
index c3a92df..1127fdf 100644
--- a/auth.h
+++ b/auth.h
@@ -58,6 +58,7 @@ struct Authctxt {
 int attempt;
 int failures;
 int server_caused_failure;
+ int server_caused_gssapi_failure;
 int force_pwchange;
 char *user; /* username sent by the client */
 char *service;
diff --git a/auth2-gss.c b/auth2-gss.c
index 4708375..6008319 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -156,6 +156,7 @@ userauth_gssapi(struct ssh *ssh)
 ssh_gssapi_delete_ctx(&ctxt);
 free(doid);
 authctxt->server_caused_failure = 1;
+ authctxt->server_caused_gssapi_failure = 1;
 return (0);
 }
 
diff --git a/auth2.c b/auth2.c
index 956b9cf..2c4fc97 100644
--- a/auth2.c
+++ b/auth2.c
@@ -345,6 +345,7 @@ if (options.check_user_splash)
 auth2_authctxt_reset_info(authctxt);
 authctxt->postponed = 0;
 authctxt->server_caused_failure = 0;
+ authctxt->server_caused_gssapi_failure = 0;
 
 /* try to authenticate user */
 m = authmethod_lookup(authctxt, method);
@@ -442,6 +443,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 if (!partial && !authctxt->server_caused_failure &&
 (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 authctxt->failures++;
+ if (!partial && authctxt->server_caused_gssapi_failure &&
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ authctxt->failures++;
 if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
 PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
-- 
1.8.3.1
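Review bot: The new `server_caused_gssapi_failure` member in auth.h has no comment saying how it differs from `server_caused_failure` directly above it. Going by the other hunks, it is set together with that flag in userauth_gssapi and makes userauth_finish count the attempt anyway. I would document that on the declaration, e.g. `int server_caused_gssapi_failure; /* GSSAPI setup failed server-side; attempt still counts toward failures */`. struct Authctxt starts and ends outside the hunk.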
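Review bot: Only this one exit of userauth_gssapi in auth2-gss.c gets the new flag, and the rest of the function is outside the hunk. Any other early return that sets `authctxt->server_caused_failure = 1` should be checked, because it would leave that attempt uncounted against `options.max_authtries` and preserve the behavioural difference this patch is presumably meant to remove. If such a path exists it needs the same `authctxt->server_caused_gssapi_failure = 1;` line. A short comment here explaining why both flags are set would also help the next reader.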
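Review bot: The added `if` in userauth_finish (auth2.c) repeats the preceding condition with the flag swapped, so a future path that sets `server_caused_gssapi_failure` without `server_caused_failure` would increment `failures` twice for one attempt. The visible code always sets the two together, but nothing enforces that. Folding both cases into the existing test keeps a single increment: `if (!partial && (!authctxt->server_caused_failure || authctxt->server_caused_gssapi_failure) &&` followed by the unchanged `(authctxt->attempt > 1 || strcmp(method, "none") != 0))` and one `authctxt->failures++;`. userauth_finish's body starts and continues outside the hunk.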