resource leak in ssh1 challenge-response authentication
Markus Friedl
markus at openbsd.org
Mon Mar 31 23:58:44 EST 2003
On Mon, Mar 31, 2003 at 03:05:51PM +0200, Dag-Erling Smørgrav wrote:
> If an ssh1 client initiates challenge-response authentication but does
> not submit a response to the challenge, and instead switches to some
> other authentication method, verify_response() will never run, and the
> kbdint device context will never be freed. In some cases (such as
> when the FreeBSD PAM authentication code is being used) this may cause
> a resource leak leading to a denial of service.
>
> The attached patch adds abandon_challenge_response() to auth-chall.c,
> and code to auth1.c to call it if challenge-response authentication
> was initiated but not completed.
ah, i see, someone is still using ssh1, good.
similar code should be in auth2_challenge_stop()...
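
Added example, not part of the original thread and not OpenSSH code: a simplified C model of the leak described in the quoted report, next to the abandon-on-method-switch behaviour the patch is said to add. The message types, the fixed pool of four contexts and every function name are assumptions made for illustration.

```c
#include <stddef.h>
/* Simplified model of a server auth loop; not OpenSSH source.
 * All names and the fixed-size pool are assumptions for illustration. */
enum msg { MSG_CHALLENGE, MSG_RESPONSE, MSG_OTHER_METHOD };

#define POOL_SIZE 4
static int in_use[POOL_SIZE];  /* device contexts: a finite resource */
static int pending = -1;       /* slot of the outstanding challenge */

/* Constructed input: six challenges, each dropped for another method. */
static const enum msg SAMPLE[] = {
    MSG_CHALLENGE, MSG_OTHER_METHOD, MSG_CHALLENGE, MSG_OTHER_METHOD,
    MSG_CHALLENGE, MSG_OTHER_METHOD, MSG_CHALLENGE, MSG_OTHER_METHOD,
    MSG_CHALLENGE, MSG_OTHER_METHOD, MSG_CHALLENGE, MSG_OTHER_METHOD,
};

static int ctx_alloc(void)
{
    for (int i = 0; i < POOL_SIZE; i++)
        if (!in_use[i]) { in_use[i] = 1; return i; }
    return -1;                 /* pool exhausted */
}

static void ctx_release(void)
{
    if (pending >= 0) in_use[pending] = 0;
    pending = -1;
}

/* Runs msgs through the loop. Returns the contexts still held afterwards;
 * *refused counts challenges denied for lack of a context. abandon_fix=1
 * frees a pending context when the next message is not its response. */
int run_auth_loop(const enum msg *msgs, size_t n, int abandon_fix, int *refused)
{
    int held = 0;
    for (int i = 0; i < POOL_SIZE; i++) in_use[i] = 0;
    pending = -1; *refused = 0;
    for (size_t i = 0; i < n; i++) {
        if (abandon_fix && pending >= 0 && msgs[i] != MSG_RESPONSE)
            ctx_release();
        if (msgs[i] == MSG_CHALLENGE) {
            if ((pending = ctx_alloc()) < 0)  /* unpatched: old slot orphaned */
                (*refused)++;
        } else if (msgs[i] == MSG_RESPONSE)
            ctx_release();     /* the only release in the unpatched loop */
    }
    for (int i = 0; i < POOL_SIZE; i++) held += in_use[i];
    return held;
}
```

With `abandon_fix` set to 0 the sample sequence leaves every slot held and later challenge requests are refused; with it set to 1 nothing remains held.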