resource leak in ssh1 challenge-response authentication

Dag-Erling Smørgrav des at
Mon Mar 31 23:05:51 EST 2003

If an ssh1 client initiates challenge-response authentication but does
not submit a response to the challenge, and instead switches to some
other authentication method, verify_response() will never run, and the
kbdint device context will never be freed.  In some cases (such as
when the FreeBSD PAM authentication code is being used) this may cause
a resource leak leading to a denial of service.

The attached patch adds abandon_challenge_response() to auth-chall.c,
and code to auth1.c to call it if challenge-response authentication
was initiated but not completed.

Dag-Erling Smørgrav - des at
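
The leak and the fix described in this message, as an added example that is not part of the original post or the attached patch: a simplified C model of the ssh1 authentication loop that counts the kbdint contexts left allocated. The message enum, the `pending` flag, `get_challenge()`, `run_auth_loop()` and all helper signatures are assumptions; only the names verify_response() and abandon_challenge_response() come from the post.

```c
#include <stdio.h>

/* Simplified model of the ssh1 auth loop; not OpenSSH source. */
enum msg { CHALLENGE_REQ, CHALLENGE_RESP, OTHER_METHOD };

static int live_ctx;  /* kbdint device contexts currently allocated */

/* Each helper stands in for the real function's effect on the context. */
static void get_challenge(int *pending)              { live_ctx++; *pending = 1; }
static void verify_response(int *pending)            { live_ctx--; *pending = 0; }
static void abandon_challenge_response(int *pending) { live_ctx--; *pending = 0; }

/* Replays one connection's messages; returns contexts left allocated. */
int run_auth_loop(const enum msg *m, int n, int patched)
{
    int pending = 0;  /* challenge issued, response not yet seen */
    live_ctx = 0;
    for (int i = 0; i < n; i++) {
        /* The fix: any message other than the response abandons the challenge. */
        if (patched && pending && m[i] != CHALLENGE_RESP)
            abandon_challenge_response(&pending);
        switch (m[i]) {
        case CHALLENGE_REQ:  get_challenge(&pending); break;
        case CHALLENGE_RESP: if (pending) verify_response(&pending); break;
        case OTHER_METHOD:   break;  /* e.g. a password attempt */
        }
    }
    if (patched && pending)  /* assumption: also clean up when the loop ends */
        abandon_challenge_response(&pending);
    return live_ctx;
}

/* Constructed message sequences, not captured traffic. */
static const enum msg completed[] = { CHALLENGE_REQ, CHALLENGE_RESP };
static const enum msg switched[]  = { CHALLENGE_REQ, OTHER_METHOD,
                                      CHALLENGE_REQ, OTHER_METHOD,
                                      CHALLENGE_REQ, CHALLENGE_RESP };

int main(void)
{
    printf("completed, unpatched: %d\n", run_auth_loop(completed, 2, 0));
    printf("switched,  unpatched: %d\n", run_auth_loop(switched, 6, 0));
    printf("switched,  patched:   %d\n", run_auth_loop(switched, 6, 1));
    return 0;
}
```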

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sshd-auth-chall.diff
Type: text/x-patch
Size: 2030 bytes