doc/website/static/security/patches/SA-03:15/openssh47.patch
Sergio Carlavilla Delgado 989d921f5d Migrate doc to Hugo/AsciiDoctor
I'm very pleased to announce the release of
our new website and documentation using
the new toolchain with Hugo and AsciiDoctor.

To get more information about the new toolchain
please read the FreeBSD Documentation Project Primer[1],
Hugo docs[2] and AsciiDoctor docs[3].

Acknowledgment:
Benedict Reuschling <bcr@>
Glen Barber <gjb@>
Hiroki Sato <hrs@>
Li-Wen Hsu <lwhsu@>
Sean Chittenden <seanc@>
The FreeBSD Foundation

[1] https://docs.FreeBSD.org/en/books/fdp-primer/
[2] https://gohugo.io/documentation/
[3] https://docs.asciidoctor.org/home/

Approved by:    doceng, core
2021-01-26 00:31:29 +01:00


Index: crypto/openssh/auth-chall.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
retrieving revision 1.2.2.3
retrieving revision 1.2.2.3.2.1
diff -p -c -r1.2.2.3 -r1.2.2.3.2.1
*** crypto/openssh/auth-chall.c 3 Jul 2002 22:11:41 -0000 1.2.2.3
--- crypto/openssh/auth-chall.c 24 Sep 2003 19:50:39 -0000 1.2.2.3.2.1
*************** verify_response(Authctxt *authctxt, cons
*** 80,82 ****
--- 80,90 ----
authctxt->kbdintctxt = NULL;
return res ? 0 : 1;
}
+ void
+ abandon_challenge_response(Authctxt *authctxt)
+ {
+ if (authctxt->kbdintctxt != NULL) {
+ device->free_ctx(authctxt->kbdintctxt);
+ authctxt->kbdintctxt = NULL;
+ }
+ }
Index: crypto/openssh/auth.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
retrieving revision 1.1.1.1.2.5
retrieving revision 1.1.1.1.2.5.2.1
diff -p -c -r1.1.1.1.2.5 -r1.1.1.1.2.5.2.1
*** crypto/openssh/auth.h 3 Jul 2002 22:11:41 -0000 1.1.1.1.2.5
--- crypto/openssh/auth.h 24 Sep 2003 19:50:39 -0000 1.1.1.1.2.5.2.1
*************** struct passwd * getpwnamallow(const char
*** 160,165 ****
--- 160,166 ----
char *get_challenge(Authctxt *);
int verify_response(Authctxt *, const char *);
+ void abandon_challenge_response(Authctxt *);
struct passwd * auth_get_user(void);
Index: crypto/openssh/auth1.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v
retrieving revision 1.3.2.8
retrieving revision 1.3.2.8.2.1
diff -p -c -r1.3.2.8 -r1.3.2.8.2.1
*** crypto/openssh/auth1.c 3 Jul 2002 22:11:41 -0000 1.3.2.8
--- crypto/openssh/auth1.c 24 Sep 2003 19:50:39 -0000 1.3.2.8.2.1
*************** do_authloop(Authctxt *authctxt)
*** 73,79 ****
char info[1024];
u_int dlen;
u_int ulen;
! int type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
--- 73,79 ----
char info[1024];
u_int dlen;
u_int ulen;
! int prev, type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
*************** do_authloop(Authctxt *authctxt)
*** 103,109 ****
--- 103,121 ----
info[0] = '\0';
/* Get a packet from the client. */
+ prev = type;
type = packet_read();
+
+ /*
+ * If we started challenge-response authentication but the
+ * next packet is not a response to our challenge, release
+ * the resources allocated by get_challenge() (which would
+ * normally have been released by verify_response() had we
+ * received such a response)
+ */
+ if (prev == SSH_CMSG_AUTH_TIS &&
+ type != SSH_CMSG_AUTH_TIS_RESPONSE)
+ abandon_challenge_response(authctxt);
/* Process the packet. */
switch (type) {
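Review bot: The cleanup at `if (prev == SSH_CMSG_AUTH_TIS && type != SSH_CMSG_AUTH_TIS_RESPONSE)` is keyed on the previous packet type rather than on whether a challenge context is actually outstanding, so it stays correct only while SSH_CMSG_AUTH_TIS is the sole path that calls get_challenge(). Since abandon_challenge_response() already checks `authctxt->kbdintctxt != NULL` itself, the condition could be reduced to `if (type != SSH_CMSG_AUTH_TIS_RESPONSE) abandon_challenge_response(authctxt);`, which drops the dependency on `prev`. Either way, the two-line condition is worth bracing. The rest of do_authloop(), including the switch cases, lies outside the hunk, so the simplification should be checked against them.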
Index: crypto/openssh/auth2-pam-freebsd.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.2.2.2
diff -p -c -r1.1.2.2 -r1.1.2.2.2.2
*** crypto/openssh/auth2-pam-freebsd.c 17 Jul 2002 17:45:18 -0000 1.1.2.2
--- crypto/openssh/auth2-pam-freebsd.c 24 Sep 2003 19:16:24 -0000 1.1.2.2.2.2
*************** pam_child_conv(int n,
*** 76,83 ****
*resp = xmalloc(n * sizeof **resp);
buffer_init(&buffer);
for (i = 0; i < n; ++i) {
! resp[i]->resp_retcode = 0;
! resp[i]->resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 76,83 ----
*resp = xmalloc(n * sizeof **resp);
buffer_init(&buffer);
for (i = 0; i < n; ++i) {
! (*resp)[i].resp_retcode = 0;
! (*resp)[i].resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer, msg[i]->msg);
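Review bot: `*resp = xmalloc(n * sizeof **resp);` sizes the reply array from `n` with no visible range check, and `n` is a signed int. A negative or very large count would be converted to a huge or wrapped size before the loop indexes `(*resp)[i]`. If the part of pam_child_conv() above this hunk does not already validate it, a guard such as `if (n <= 0 || n > PAM_MAX_NUM_MSG) return (PAM_CONV_ERR);` before the allocation would bound it.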
*************** pam_child_conv(int n,
*** 85,91 ****
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! resp[i]->resp = buffer_get_string(&buffer, NULL);
break;
case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 85,91 ----
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! (*resp)[i].resp = buffer_get_string(&buffer, NULL);
break;
case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer, msg[i]->msg);
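Review bot: The string stored by `(*resp)[i].resp = buffer_get_string(&buffer, NULL);` is never released if a later iteration takes `goto fail`, because after this patch the fail path only does `xfree(*resp)` and replies already collected for earlier messages leak. The same applies to the PAM_PROMPT_ECHO_ON assignment in the next hunk. The fail path could free them first, e.g. `while (i-- > 0)` followed by `if ((*resp)[i].resp != NULL) xfree((*resp)[i].resp);`. As these replies are authentication tokens, clearing them before release is worth considering.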
*************** pam_child_conv(int n,
*** 93,99 ****
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! resp[i]->resp = buffer_get_string(&buffer, NULL);
break;
case PAM_ERROR_MSG:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 93,99 ----
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! (*resp)[i].resp = buffer_get_string(&buffer, NULL);
break;
case PAM_ERROR_MSG:
buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_child_conv(int n,
*** 111,118 ****
buffer_free(&buffer);
return (PAM_SUCCESS);
fail:
- while (i)
- xfree(resp[--i]);
xfree(*resp);
*resp = NULL;
buffer_free(&buffer);
--- 111,116 ----
Index: crypto/openssh/ssh_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
retrieving revision 1.2.2.6
retrieving revision 1.2.2.6.2.1
diff -p -c -r1.2.2.6 -r1.2.2.6.2.1
*** crypto/openssh/ssh_config 25 Jul 2002 16:03:44 -0000 1.2.2.6
--- crypto/openssh/ssh_config 24 Sep 2003 19:51:42 -0000 1.2.2.6.2.1
***************
*** 34,37 ****
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
! # VersionAddendum FreeBSD-20020629
--- 34,37 ----
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
! # VersionAddendum FreeBSD-20030924
Index: crypto/openssh/sshd_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
retrieving revision 1.4.2.10
retrieving revision 1.4.2.10.2.1
diff -p -c -r1.4.2.10 -r1.4.2.10.2.1
*** crypto/openssh/sshd_config 26 Jul 2002 15:18:32 -0000 1.4.2.10
--- crypto/openssh/sshd_config 24 Sep 2003 19:51:42 -0000 1.4.2.10.2.1
***************
*** 14,20 ****
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
! #VersionAddendum FreeBSD-20020629
#Port 22
#Protocol 2,1
--- 14,20 ----
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
! #VersionAddendum FreeBSD-20030924
#Port 22
#Protocol 2,1
Index: crypto/openssh/version.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/version.h,v
retrieving revision 1.1.1.1.2.9.2.2
retrieving revision 1.1.1.1.2.9.2.3
diff -p -c -r1.1.1.1.2.9.2.2 -r1.1.1.1.2.9.2.3
*** crypto/openssh/version.h 17 Sep 2003 14:51:37 -0000 1.1.1.1.2.9.2.2
--- crypto/openssh/version.h 24 Sep 2003 19:51:42 -0000 1.1.1.1.2.9.2.3
***************
*** 5,11 ****
#define SSH_VERSION (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_3.4p1"
! #define SSH_VERSION_ADDENDUM "FreeBSD-20030917"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);
--- 5,11 ----
#define SSH_VERSION (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_3.4p1"
! #define SSH_VERSION_ADDENDUM "FreeBSD-20030924"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);