On Mon, 17 Aug 2015, Ethan Rahn wrote:

> Hello,
>
> When testing a fix for CVE-2015-5600 based on the Ubuntu patch in
> openssh-5.9 (
> https://launchpadlibrarian.net/214490716/openssh_1%3A5.9p1-5ubuntu1.4_1%3A5.9p1-5ubuntu1.6.diff.gz
> ), I noticed that there was an issue with getting permission denied when
> trying to log in lots of times with what should be valid credentials.
>
> The symptom was when logging in with the command and sshd_config below I
> would get permission denied sometimes and permission granted other times.
> Upon investigating the reason for permission being denied was sshd
> erroneously thinking "pam" had already been used as a login method on the
> first attempt to use it. This appeared to be related to the kbdinit_alloc
> function in auth2_chall.c not initializing devices_done. Once I made the
> following patch the issue went away:
>
> @@ -130,6 +131,7 @@ kbdint_alloc(const char *devs)
> kbdintctxt->ctxt = NULL;
> kbdintctxt->device = NULL;
> kbdintctxt->nreq = 0;
> + kbdintctxt->devices_done = 0;
>
> return kbdintctxt;
> }

Your patch is needed for openssh <= 6.3. Newer versions have used calloc
to allocate kbdintctxt. Whoever backported the patch for 7.0 should have
checked to begin with.

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
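
Review bot: The added `kbdintctxt->devices_done = 0;` initializes one more field by hand, next to the existing assignments to `ctxt`, `device` and `nreq` in kbdint_alloc, so any other member of the structure still depends on someone remembering a per-field assignment. The reply states that newer versions allocate kbdintctxt with calloc; for a backport to openssh <= 6.3, zeroing the whole structure at allocation would cover devices_done and every other field in one place. The quoted hunk also carries no file header, so the patch as posted does not name the file it applies to.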
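
The failure described in this thread, as an added example that is not OpenSSH code and not from either poster: a simplified model of a "methods already tried" bitmask left uninitialized at allocation. The struct layout, the `dirty_alloc` stand-in (which makes deterministic what malloc may return from a reused heap chunk), the function names and the method list are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a keyboard-interactive context (hypothetical layout). */
struct kbd_ctx {
    const char *device;
    unsigned int nreq;
    unsigned int devices_done;   /* bitmask: bit i set = methods[i] already tried */
};

/* Constructed method list for the example. */
static const char *const methods[] = { "pam", "bsdauth" };

/* Stand-in for malloc handing back a chunk that still holds stale bytes. */
static void *dirty_alloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL)
        memset(p, 0xff, n);
    return p;
}

/* "Before": fields set one by one, devices_done forgotten. */
struct kbd_ctx *ctx_alloc_buggy(void) {
    struct kbd_ctx *c = dirty_alloc(sizeof(*c));
    if (c == NULL) return NULL;
    c->device = NULL;
    c->nreq = 0;
    return c;
}

/* "After": whole structure zeroed, the effect calloc gives. */
struct kbd_ctx *ctx_alloc_fixed(void) {
    struct kbd_ctx *c = dirty_alloc(sizeof(*c));
    if (c == NULL) return NULL;
    memset(c, 0, sizeof(*c));
    return c;
}

/* Return the next method not yet tried and mark it tried; NULL if none left. */
const char *next_method(struct kbd_ctx *c) {
    for (size_t i = 0; i < sizeof(methods) / sizeof(methods[0]); i++) {
        if (c->devices_done & (1u << i))
            continue;
        c->devices_done |= 1u << i;
        return (c->device = methods[i]);
    }
    return NULL;
}

int main(void) {
    struct kbd_ctx *b = ctx_alloc_buggy(), *f = ctx_alloc_fixed();
    if (b == NULL || f == NULL) return 1;
    const char *m = next_method(b);
    printf("buggy first method: %s\n", m ? m : "(none, login refused)");
    printf("fixed first method: %s\n", next_method(f));
    free(b); free(f);
    return 0;
}
```

With real malloc the stale value varies from one allocation to the next, which matches the intermittent denial reported above.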