os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/patches/SA-03:15/openssh47.patch
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

228 lines
7.5 KiB
Diff
Raw Blame History

Index: crypto/openssh/auth-chall.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
retrieving revision 1.2.2.3
retrieving revision 1.2.2.3.2.1
diff -p -c -r1.2.2.3 -r1.2.2.3.2.1
*** crypto/openssh/auth-chall.c 3 Jul 2002 22:11:41 -0000 1.2.2.3
--- crypto/openssh/auth-chall.c 24 Sep 2003 19:50:39 -0000 1.2.2.3.2.1
*************** verify_response(Authctxt *authctxt, cons
*** 80,82 ****
--- 80,90 ----
authctxt->kbdintctxt = NULL;
return res ? 0 : 1;
}
+ void
+ abandon_challenge_response(Authctxt *authctxt)
+ {
+ if (authctxt->kbdintctxt != NULL) {
+ device->free_ctx(authctxt->kbdintctxt);
+ authctxt->kbdintctxt = NULL;
+ }
+ }
Index: crypto/openssh/auth.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
retrieving revision 1.1.1.1.2.5
retrieving revision 1.1.1.1.2.5.2.1
diff -p -c -r1.1.1.1.2.5 -r1.1.1.1.2.5.2.1
*** crypto/openssh/auth.h 3 Jul 2002 22:11:41 -0000 1.1.1.1.2.5
--- crypto/openssh/auth.h 24 Sep 2003 19:50:39 -0000 1.1.1.1.2.5.2.1
*************** struct passwd * getpwnamallow(const char
*** 160,165 ****
--- 160,166 ----
char *get_challenge(Authctxt *);
int verify_response(Authctxt *, const char *);
+ void abandon_challenge_response(Authctxt *);
struct passwd * auth_get_user(void);
Index: crypto/openssh/auth1.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v
retrieving revision 1.3.2.8
retrieving revision 1.3.2.8.2.1
diff -p -c -r1.3.2.8 -r1.3.2.8.2.1
*** crypto/openssh/auth1.c 3 Jul 2002 22:11:41 -0000 1.3.2.8
--- crypto/openssh/auth1.c 24 Sep 2003 19:50:39 -0000 1.3.2.8.2.1
*************** do_authloop(Authctxt *authctxt)
*** 73,79 ****
char info[1024];
u_int dlen;
u_int ulen;
! int type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
--- 73,79 ----
char info[1024];
u_int dlen;
u_int ulen;
! int prev, type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
*************** do_authloop(Authctxt *authctxt)
*** 103,109 ****
--- 103,121 ----
info[0] = '\0';
/* Get a packet from the client. */
+ prev = type;
type = packet_read();
+
+ /*
+ * If we started challenge-response authentication but the
+ * next packet is not a response to our challenge, release
+ * the resources allocated by get_challenge() (which would
+ * normally have been released by verify_response() had we
+ * received such a response)
+ */
+ if (prev == SSH_CMSG_AUTH_TIS &&
+ type != SSH_CMSG_AUTH_TIS_RESPONSE)
+ abandon_challenge_response(authctxt);
/* Process the packet. */
switch (type) {
Index: crypto/openssh/auth2-pam-freebsd.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.2.2.2
diff -p -c -r1.1.2.2 -r1.1.2.2.2.2
*** crypto/openssh/auth2-pam-freebsd.c 17 Jul 2002 17:45:18 -0000 1.1.2.2
--- crypto/openssh/auth2-pam-freebsd.c 24 Sep 2003 19:16:24 -0000 1.1.2.2.2.2
*************** pam_child_conv(int n,
*** 76,83 ****
*resp = xmalloc(n * sizeof **resp);
buffer_init(&buffer);
for (i = 0; i < n; ++i) {
! resp[i]->resp_retcode = 0;
! resp[i]->resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 76,83 ----
*resp = xmalloc(n * sizeof **resp);
buffer_init(&buffer);
for (i = 0; i < n; ++i) {
! (*resp)[i].resp_retcode = 0;
! (*resp)[i].resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_child_conv(int n,
*** 85,91 ****
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! resp[i]->resp = buffer_get_string(&buffer, NULL);
break;
case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 85,91 ----
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! (*resp)[i].resp = buffer_get_string(&buffer, NULL);
break;
case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_child_conv(int n,
*** 93,99 ****
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! resp[i]->resp = buffer_get_string(&buffer, NULL);
break;
case PAM_ERROR_MSG:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 93,99 ----
msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! (*resp)[i].resp = buffer_get_string(&buffer, NULL);
break;
case PAM_ERROR_MSG:
buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_child_conv(int n,
*** 111,118 ****
buffer_free(&buffer);
return (PAM_SUCCESS);
fail:
- while (i)
- xfree(resp[--i]);
xfree(*resp);
*resp = NULL;
buffer_free(&buffer);
--- 111,116 ----
Index: crypto/openssh/ssh_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
retrieving revision 1.2.2.6
retrieving revision 1.2.2.6.2.1
diff -p -c -r1.2.2.6 -r1.2.2.6.2.1
*** crypto/openssh/ssh_config 25 Jul 2002 16:03:44 -0000 1.2.2.6
--- crypto/openssh/ssh_config 24 Sep 2003 19:51:42 -0000 1.2.2.6.2.1
***************
*** 34,37 ****
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
! # VersionAddendum FreeBSD-20020629
--- 34,37 ----
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
! # VersionAddendum FreeBSD-20030924
Index: crypto/openssh/sshd_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
retrieving revision 1.4.2.10
retrieving revision 1.4.2.10.2.1
diff -p -c -r1.4.2.10 -r1.4.2.10.2.1
*** crypto/openssh/sshd_config 26 Jul 2002 15:18:32 -0000 1.4.2.10
--- crypto/openssh/sshd_config 24 Sep 2003 19:51:42 -0000 1.4.2.10.2.1
***************
*** 14,20 ****
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
! #VersionAddendum FreeBSD-20020629
#Port 22
#Protocol 2,1
--- 14,20 ----
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
! #VersionAddendum FreeBSD-20030924
#Port 22
#Protocol 2,1
Index: crypto/openssh/version.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/version.h,v
retrieving revision 1.1.1.1.2.9.2.2
retrieving revision 1.1.1.1.2.9.2.3
diff -p -c -r1.1.1.1.2.9.2.2 -r1.1.1.1.2.9.2.3
*** crypto/openssh/version.h 17 Sep 2003 14:51:37 -0000 1.1.1.1.2.9.2.2
--- crypto/openssh/version.h 24 Sep 2003 19:51:42 -0000 1.1.1.1.2.9.2.3
***************
*** 5,11 ****
#define SSH_VERSION (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_3.4p1"
! #define SSH_VERSION_ADDENDUM "FreeBSD-20030917"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);
--- 5,11 ----
#define SSH_VERSION (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_3.4p1"
! #define SSH_VERSION_ADDENDUM "FreeBSD-20030924"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);
Reference in a new issue View git blame Copy permalink