os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/patches/SA-03:15/openssh46.patch
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

282 lines
9.2 KiB
Diff
Raw Blame History

Index: crypto/openssh/auth-chall.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
retrieving revision 1.2.2.2.2.1
retrieving revision 1.2.2.2.2.2
diff -p -c -r1.2.2.2.2.1 -r1.2.2.2.2.2
*** crypto/openssh/auth-chall.c 16 Jul 2002 12:27:05 -0000 1.2.2.2.2.1
--- crypto/openssh/auth-chall.c 24 Sep 2003 19:53:37 -0000 1.2.2.2.2.2
*************** verify_response(Authctxt *authctxt, cons
*** 80,82 ****
--- 80,90 ----
authctxt->kbdintctxt = NULL;
return res ? 0 : 1;
}
+ void
+ abandon_challenge_response(Authctxt *authctxt)
+ {
+ if (authctxt->kbdintctxt != NULL) {
+ device->free_ctx(authctxt->kbdintctxt);
+ authctxt->kbdintctxt = NULL;
+ }
+ }
Index: crypto/openssh/auth.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
retrieving revision 1.1.1.1.2.4.4.1
retrieving revision 1.1.1.1.2.4.4.2
diff -p -c -r1.1.1.1.2.4.4.1 -r1.1.1.1.2.4.4.2
*** crypto/openssh/auth.h 16 Jul 2002 12:33:06 -0000 1.1.1.1.2.4.4.1
--- crypto/openssh/auth.h 24 Sep 2003 19:53:37 -0000 1.1.1.1.2.4.4.2
*************** struct passwd * getpwnamallow(const char
*** 160,165 ****
--- 160,166 ----
char *get_challenge(Authctxt *);
int verify_response(Authctxt *, const char *);
+ void abandon_challenge_response(Authctxt *);
struct passwd * auth_get_user(void);
Index: crypto/openssh/auth1.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v
retrieving revision 1.3.2.7.4.1
retrieving revision 1.3.2.7.4.2
diff -p -c -r1.3.2.7.4.1 -r1.3.2.7.4.2
*** crypto/openssh/auth1.c 16 Jul 2002 12:33:06 -0000 1.3.2.7.4.1
--- crypto/openssh/auth1.c 24 Sep 2003 19:53:37 -0000 1.3.2.7.4.2
*************** do_authloop(Authctxt *authctxt)
*** 73,79 ****
char info[1024];
u_int dlen;
u_int ulen;
! int type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
--- 73,79 ----
char info[1024];
u_int dlen;
u_int ulen;
! int prev, type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
*************** do_authloop(Authctxt *authctxt)
*** 103,109 ****
--- 103,121 ----
info[0] = '\0';
/* Get a packet from the client. */
+ prev = type;
type = packet_read();
+
+ /*
+ * If we started challenge-response authentication but the
+ * next packet is not a response to our challenge, release
+ * the resources allocated by get_challenge() (which would
+ * normally have been released by verify_response() had we
+ * received such a response)
+ */
+ if (prev == SSH_CMSG_AUTH_TIS &&
+ type != SSH_CMSG_AUTH_TIS_RESPONSE)
+ abandon_challenge_response(authctxt);
/* Process the packet. */
switch (type) {
Index: crypto/openssh/auth2-pam-freebsd.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
retrieving revision 1.2.2.2
retrieving revision 1.2.2.4
diff -p -c -r1.2.2.2 -r1.2.2.4
*** crypto/openssh/auth2-pam-freebsd.c 17 Jul 2002 17:52:36 -0000 1.2.2.2
--- crypto/openssh/auth2-pam-freebsd.c 24 Sep 2003 19:16:50 -0000 1.2.2.4
*************** pam_child_conv(int n,
*** 76,83 ****
*resp = xmalloc(n * sizeof **resp);
buffer_init(&buffer);
for (i = 0; i < n; ++i) {
! resp[i]->resp_retcode = 0;
! resp[i]->resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 76,83 ----
*resp = xmalloc(n * sizeof **resp);
buffer_init(&buffer);
for (i = 0; i < n; ++i) {
! (*resp)[i].resp_retcode = 0;
! (*resp)[i].resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_child_conv(int n,
*** 85,91 ****
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! resp[i]->resp = buffer_get_string(&buffer, NULL);
break;
case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 85,91 ----
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! (*resp)[i].resp = buffer_get_string(&buffer, NULL);
break;
case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_child_conv(int n,
*** 93,99 ****
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! resp[i]->resp = buffer_get_string(&buffer, NULL);
break;
case PAM_ERROR_MSG:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 93,99 ----
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! (*resp)[i].resp = buffer_get_string(&buffer, NULL);
break;
case PAM_ERROR_MSG:
buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_child_conv(int n,
*** 111,118 ****
buffer_free(&buffer);
return (PAM_SUCCESS);
fail:
- while (i)
- xfree(resp[--i]);
xfree(*resp);
*resp = NULL;
buffer_free(&buffer);
--- 111,116 ----
Index: crypto/openssh/ssh_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
retrieving revision 1.2.2.4
retrieving revision 1.2.2.4.4.2
diff -p -c -r1.2.2.4 -r1.2.2.4.4.2
*** crypto/openssh/ssh_config 28 Sep 2001 01:33:35 -0000 1.2.2.4
--- crypto/openssh/ssh_config 24 Sep 2003 19:54:21 -0000 1.2.2.4.4.2
***************
*** 1,13 ****
! # This is ssh client systemwide configuration file. This file provides
! # defaults for users, and the values can be changed in per-user configuration
! # files or on the command line.
! #
! # $OpenBSD: ssh_config,v 1.10 2001/04/03 21:19:38 todd Exp $
! # $FreeBSD$
! # This is ssh client systemwide configuration file. See ssh(1) for more
! # information. This file provides defaults for users, and the values can
! # be changed in per-user configuration files or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
--- 1,10 ----
! # $OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $
! # $FreeBSD$
! # This is the ssh client system-wide configuration file. See
! # ssh_config(5) for more information. This file provides defaults for
! # users, and the values can be changed in per-user configuration files
! # or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
*************** Host *
*** 23,40 ****
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
! # RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
- # FallBackToRsh no
- # UseRsh no
# BatchMode no
# CheckHostIP yes
! # StrictHostKeyChecking yes
# IdentityFile ~/.ssh/identity
- # IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_rsa
# Port 22
Protocol 1,2
! # Cipher blowfish
# EscapeChar ~
--- 20,37 ----
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
! # RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# BatchMode no
# CheckHostIP yes
! # StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
+ # IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 1,2
! # Cipher 3des
! # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
+ # VersionAddendum FreeBSD-20030924
Index: crypto/openssh/sshd_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
retrieving revision 1.4.2.8.2.1
retrieving revision 1.4.2.8.2.2
diff -p -c -r1.4.2.8.2.1 -r1.4.2.8.2.2
*** crypto/openssh/sshd_config 16 Jul 2002 12:33:10 -0000 1.4.2.8.2.1
--- crypto/openssh/sshd_config 24 Sep 2003 19:54:21 -0000 1.4.2.8.2.2
***************
*** 14,20 ****
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
! #VersionAddendum FreeBSD-20020629
#Port 22
#Protocol 2,1
--- 14,20 ----
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
! #VersionAddendum FreeBSD-20030924
#Port 22
#Protocol 2,1
Index: crypto/openssh/version.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/version.h,v
retrieving revision 1.1.1.1.2.8.2.3
retrieving revision 1.1.1.1.2.8.2.4
diff -p -c -r1.1.1.1.2.8.2.3 -r1.1.1.1.2.8.2.4
*** crypto/openssh/version.h 17 Sep 2003 14:52:09 -0000 1.1.1.1.2.8.2.3
--- crypto/openssh/version.h 24 Sep 2003 19:54:21 -0000 1.1.1.1.2.8.2.4
***************
*** 5,11 ****
#define SSH_VERSION (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_3.4p1"
! #define SSH_VERSION_ADDENDUM "FreeBSD-20030917"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);
--- 5,11 ----
#define SSH_VERSION (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_3.4p1"
! #define SSH_VERSION_ADDENDUM "FreeBSD-20030924"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);
Reference in a new issue View git blame Copy permalink