CVE-2016-6515: Denial of service via very long passwords (#1364936)

related to user enumeration.

Upstream: https://github.com/openssh/openssh-portable/commit/fcd135c9df
This commit is contained in:
Jakub Jelen 2016-08-09 08:43:37 +02:00
parent 5a28bb2729
commit 793e7839fc

View File

@ -212,4 +212,44 @@ index 451de78..465b5a7 100644
if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
debug("PAM: password authentication accepted for %.100s",
authctxt->user);
From fcd135c9df440bcd2d5870405ad3311743d78d97 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org" <dtucker@openbsd.org>
Date: Thu, 21 Jul 2016 01:39:35 +0000
Subject: [PATCH] upstream commit
Skip passwords longer than 1k in length so clients can't
easily DoS sshd by sending very long passwords, causing it to spend CPU
hashing them. feedback djm@, ok markus@.
Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org
Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
---
auth-passwd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/auth-passwd.c b/auth-passwd.c
index 530b5d4..996c2cf 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -66,6 +66,8 @@ extern login_cap_t *lc;
#define DAY (24L * 60 * 60) /* 1 day in seconds */
#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */
+#define MAX_PASSWORD_LEN 1024
+
void
disable_forwarding(void)
{
@@ -87,6 +89,9 @@ auth_password(Authctxt *authctxt, const char *password)
static int expire_checked = 0;
#endif
+ if (strlen(password) > MAX_PASSWORD_LEN)
+ return 0;
+
#ifndef HAVE_CYGWIN
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
ok = 0;