git.ipfire.org Git - thirdparty/openssh-portable.git/commit

]> git.ipfire.org Git - thirdparty/openssh-portable.git/commit

projects / thirdparty / openssh-portable.git / commit

author	Darren Tucker <dtucker@dtucker.net>
	Wed, 11 Nov 2020 01:30:46 +0000 (12:30 +1100)
committer	Darren Tucker <dtucker@dtucker.net>
	Wed, 11 Nov 2020 03:05:30 +0000 (14:05 +1100)
commit	fcf429a4c69d30d8725612a55b37181594da8ddf
tree	ffd46ec44e6a9c60608a511755bd785d9c9605f1	tree \| snapshot
parent	10dce8ff68ef615362cfcab0c0cc33ce524e7682	commit \| diff

Prevent excessively long username going to PAM.

This is a mitigation for a buffer overflow in Solaris' PAM username
handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
implementations. This is not a problem in sshd itself, it only
prevents sshd from being used as a vector to attack Solaris' PAM.
It does not prevent the bug in PAM from being exploited via some other
PAM application.

Based on github PR#212 from Mike Scott but implemented slightly
differently. ok tim@ djm@

auth-pam.c

diff | blob | blame | history

Mirror of https://github.com/openssh/openssh-portable.git

RSS Atom