[openssh-commits] [openssh] 02/03: upstream: defence-in-depth MaxAuthTries check in monitor; ok markus

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e706bca324a70f68dadfd0ec69edfdd486eed23a
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Aug 16 16:14:11 2023 +0000

    upstream: defence-in-depth MaxAuthTries check in monitor; ok markus
    
    OpenBSD-Commit-ID: 65a4225dc708e2dae71315adf93677edace46c21
---
 monitor.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/monitor.c b/monitor.c
index 1489c78d..b3ed515e 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.236 2023/05/10 10:04:20 dtucker Exp $ */
+/* $OpenBSD: monitor.c,v 1.237 2023/08/16 16:14:11 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos at citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -342,6 +342,11 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
 				    auth_method, auth_submethod);
 			}
 		}
+		if (authctxt->failures > options.max_authtries) {
+			/* Shouldn't happen */
+			fatal_f("privsep child made too many authentication "
+			    "attempts");
+		}
 	}
 
 	if (!authctxt->valid)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.