auth*.c
Markus Friedl
markus at openbsd.org
Thu Dec 27 23:01:30 EST 2001
On Tue, Dec 25, 2001 at 06:34:36PM -0600, mandar at webchat.chatsystems.com wrote:
> Folks,
>
> During testing, we found a couple of issues with openssh3.0.2p1:
>
> 1. In userauth_finish() in auth2.c (as well as in do_authloop in auth1.c),
> the following check:
>
> if (authctxt->failures++ > AUTH_FAIL_MAX)
>
> is never satisfied and thus packet_disconnect() never gets called. I
> suspect the code just drops out of the dispatch_run function list instead.
> This should be an == instead of >. While looking at the debug output
> when deliberately entering wrong passwords, I noticed one try for none,
> three for password, and then three for keyboard-interactive, at which point
> authctxt->failures is 6, and then the loop completes.
Sorry, I don't understand.
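
Added example, not part of the original thread or of the OpenSSH source: the post-increment comparison from the quoted check, evaluated with `>`, `>=` and `==`, reporting on which counted failure each form first fires. `AUTH_FAIL_MAX` is set to 6 here as an assumption, and `limit_hit` and `first_trigger` are hypothetical helper names.

```c
#include <stdio.h>

/* Assumed value for illustration; the thread does not state it. */
#define AUTH_FAIL_MAX 6

enum cmp { CMP_GT, CMP_GE, CMP_EQ };

/* Same shape as the quoted check: the comparison sees the value
 * from BEFORE the increment, then the counter is bumped. */
static int limit_hit(int *failures, enum cmp op)
{
    int before = (*failures)++;
    switch (op) {
    case CMP_GT: return before >  AUTH_FAIL_MAX;
    case CMP_GE: return before >= AUTH_FAIL_MAX;
    default:     return before == AUTH_FAIL_MAX;
    }
}

/* Returns the 1-based counted failure on which the check first fires,
 * or 0 if it does not fire within `attempts` counted failures. */
int first_trigger(enum cmp op, int attempts)
{
    int failures = 0;
    for (int i = 1; i <= attempts; i++)
        if (limit_hit(&failures, op))
            return i;
    return 0;
}

int main(void)
{
    static const char *names[] = { ">", ">=", "==" };
    /* Constructed input: 6, 7 and 8 counted failures in one session. */
    for (int attempts = 6; attempts <= 8; attempts++)
        for (int op = CMP_GT; op <= CMP_EQ; op++)
            printf("failures++ %-2s MAX, %d failures: fires on #%d\n",
                   names[op], attempts,
                   first_trigger((enum cmp)op, attempts));
    return 0;
}
```

A result of 0 means the session ended before the check fired, so whether the disconnect path runs depends on how many failures the server actually counts.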