Re: Where to look next?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, Sep 22, 2016 at 09:51:11AM +1000, Darren Tucker wrote:
> The client thinks the session is authenticated, though.  I think
> that's actually a bug in the OpenSSH client: ssh_userauth2() calls
> ssh_dispatch_run() with DISPATCH_BLOCK blocking on authctxt.success.
> It assumes that if it exits then it's authenticated.
> 
> ssh_packet_read_poll_seqnr(), however, will return
> SSH_ERR_DISCONNECTED in that case, which will cause ssh_dispatch_run()
> to return.

This should handle this case.

diff --git a/sshconnect2.c b/sshconnect2.c
index fae8b0f..ae77243 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -404,6 +404,8 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 	pubkey_cleanup(&authctxt);
 	ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
 
+	if (!authctxt.success)
+		fatal("Authentication failed.");
 	debug("Authentication succeeded (%s).", authctxt.method->name);
 }
 
-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux