From: Marco Trevisan (Treviño) <mail@xxxxxxxxx>
We were only checking if the prefix of a device name was matching what
we had in the devices list, so if the device list contained "pam", then
also the device "pam-foo" was matching.
---
auth2-chall.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/auth2-chall.c b/auth2-chall.c
index 021df8291..52d38e2ef 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -170,7 +170,7 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
"keyboard-interactive", devices[i]->name))
continue;
if (strncmp(kbdintctxt->devices, devices[i]->name,
- len) == 0) {
+ len) == 0 && strlen(devices[i]->name) == len) {
kbdintctxt->device = devices[i];
kbdintctxt->devices_done |= 1 << i;
}
--
2.34.1
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
