resource leak in ssh1 challenge-response authentication
Dag-Erling Smørgrav
des at ofug.org
Mon Mar 31 23:05:51 EST 2003
If an ssh1 client initiates challenge-response authentication but does
not submit a response to the challenge, and instead switches to some
other authentication method, verify_response() will never run, and the
kbdint device context will never be freed. In some cases (such as
when the FreeBSD PAM authentication code is being used) this may cause
a resource leak leading to a denial of service.
The attached patch adds abandon_challenge_response() to auth-chall.c,
and code to auth1.c to call it if challenge-response authentication
was initiated but not completed.
DES
--
Dag-Erling Smørgrav - des at ofug.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sshd-auth-chall.diff
Type: text/x-patch
Size: 2030 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030331/688687f8/attachment.bin
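A small C model of the leak and of the cleanup path described in the message above, added here as an illustration; it is not the attached patch and not OpenSSH source. verify_response() and abandon_challenge_response() are the names used in the message; MAX_CTX, the slot pool, get_challenge() as written here and simulate() are assumptions standing in for the kbdint device context and the finite resource it holds.

```c
/* Constructed model, not OpenSSH source or the attached patch. MAX_CTX stands
 * in for whatever finite resource each kbdint device context holds. */
#define MAX_CTX 4
static int in_use[MAX_CTX];
static int pending = -1;   /* slot of the challenge awaiting a response, or -1 */

static void release_pending(void)
{
    if (pending >= 0)
        in_use[pending] = 0;
    pending = -1;
}

/* Challenge requested: allocate a context. Returns -1 when none is left. */
int get_challenge(void)
{
    pending = -1;          /* a previous unanswered context is simply forgotten */
    for (int i = 0; i < MAX_CTX; i++)
        if (!in_use[i]) { in_use[i] = 1; pending = i; return 0; }
    return -1;
}

/* Response received: the only place the unpatched flow frees the context. */
int verify_response(void)
{
    if (pending < 0) return -1;
    release_pending();
    return 0;
}

/* Added cleanup path: challenge was initiated but the client moved on. */
void abandon_challenge_response(void) { release_pending(); }

/* Each round: request a challenge, then switch methods without responding.
 * Returns how many challenge requests were refused for lack of a context. */
int simulate(int rounds, int cleanup_on_switch)
{
    int refused = 0;
    for (int i = 0; i < MAX_CTX; i++) in_use[i] = 0;
    pending = -1;
    for (int r = 0; r < rounds; r++) {
        if (get_challenge() != 0) refused++;
        if (cleanup_on_switch) abandon_challenge_response();
    }
    return refused;
}

int main(void) { return !(simulate(10, 0) == 6 && simulate(10, 1) == 0); }
```

Without the cleanup call every abandoned challenge keeps its slot, so requests are refused once the pool is full; with it, the same sequence never exhausts the pool.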