upstream: avoid integer overflow of auth attempts (harmless, caught

author djm@openbsd.org <djm@openbsd.org>

Wed, 23 Feb 2022 11:18:13 +0000 (11:18 +0000)

committer Damien Miller <djm@mindrot.org>

Wed, 23 Feb 2022 11:22:20 +0000 (22:22 +1100)
author djm@openbsd.org <djm@openbsd.org>
Wed, 23 Feb 2022 11:18:13 +0000 (11:18 +0000)
committer Damien Miller <djm@mindrot.org>
Wed, 23 Feb 2022 11:22:20 +0000 (22:22 +1100)
diff --git a/auth2.c b/auth2.c

index 6ae27bd457161ce2d511579f1c11dbf9030050e3..6c061934bf395477866996b9667e7bc5e8a4b9e1 100644 (file)
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.163 2021/12/26 23:34:41 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.164 2022/02/23 11:18:13 djm Exp $ */
  /*
   * Copyright (c) 2000 Markus Friedl.  All rights reserved.
   *
@@ -279,6 +279,8 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
         if ((style = strchr(user, ':')) != NULL)
                 *style++ = 0;
  
+       if (authctxt->attempt >= 1024)
+               auth_maxtries_exceeded(ssh);
         if (authctxt->attempt++ == 0) {
                 /* setup auth context */
                 authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
@@ -287,6 +289,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
                         authctxt->valid = 1;
                         debug2_f("setting up authctxt for %s", user);
                 } else {
+                       authctxt->valid = 0;
                         /* Invalid user, fake password information */
                         authctxt->pw = fakepw();
  #ifdef SSH_AUDIT_EVENTS
author	djm@openbsd.org <djm@openbsd.org>
	Wed, 23 Feb 2022 11:18:13 +0000 (11:18 +0000)
committer	Damien Miller <djm@mindrot.org>
	Wed, 23 Feb 2022 11:22:20 +0000 (22:22 +1100)