resource leak in ssh1 challenge-response authentication

Markus Friedl markus at
Mon Mar 31 23:58:44 EST 2003

On Mon, Mar 31, 2003 at 03:05:51PM +0200, Dag-Erling Smørgrav wrote:
> If an ssh1 client initiates challenge-response authentication but does
> not submit a response to the challenge, and instead switches to some
> other authentication method, verify_response() will never run, and the
> kbdint device context will never be freed.  In some cases (such as
> when the FreeBSD PAM authentication code is being used) this may cause
> a resource leak leading to a denial of service.
> The attached patch adds abandon_challenge_response() to auth-chall.c,
> and code to auth1.c to call it if challenge-response authentication
> was initiated but not completed.

ah, i see, someone is still using ssh1, good.

similar code should be in auth2_challenge_stop()...

More information about the openssh-unix-dev mailing list