summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/auth-passwd.c
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2017-08-10 06:59:26 +0000
committerdelphij <delphij@FreeBSD.org>2017-08-10 06:59:26 +0000
commit82d137a0d8be5edd7243ab4a253b076ceb9f5633 (patch)
tree1398b970a9b8e825947bce39f4908bb775cc0cdb /crypto/openssh/auth-passwd.c
parent348f5311d13a14a86bd5e73cfac8ac707498b87c (diff)
downloadFreeBSD-src-82d137a0d8be5edd7243ab4a253b076ceb9f5633.zip
FreeBSD-src-82d137a0d8be5edd7243ab4a253b076ceb9f5633.tar.gz
Fix OpenSSH Denial of Service vulnerability. [SA-17:06]releng/11.0
Fix VNET kernel panic with asynchronous I/O. [EN-17:07] Approved by: so
Diffstat (limited to 'crypto/openssh/auth-passwd.c')
-rw-r--r--crypto/openssh/auth-passwd.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/openssh/auth-passwd.c b/crypto/openssh/auth-passwd.c
index 63ccf3c..f6825ec 100644
--- a/crypto/openssh/auth-passwd.c
+++ b/crypto/openssh/auth-passwd.c
@@ -66,6 +66,8 @@ extern login_cap_t *lc;
#define DAY (24L * 60 * 60) /* 1 day in seconds */
#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */
+#define MAX_PASSWORD_LEN 1024
+
void
disable_forwarding(void)
{
@@ -87,6 +89,9 @@ auth_password(Authctxt *authctxt, const char *password)
static int expire_checked = 0;
#endif
+ if (strlen(password) > MAX_PASSWORD_LEN)
+ return 0;
+
#ifndef HAVE_CYGWIN
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
ok = 0;
OpenPOWER on IntegriCloud