Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
openssh.3552
openssh-6.6p1-limit_password_length.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssh-6.6p1-limit_password_length.patch of Package openssh.3552
# HG changeset patch # Parent 5732f809e7d553018321ebe26d7bc2d98fe0ef46 Limit accepted passwords length to prevent DoS by resource consumption (via crypt() eating CPU cycles). CVE-2016-6515 bsc#992533 upstream commit: fcd135c9df440bcd2d5870405ad3311743d78d97 diff --git a/openssh-6.6p1/auth-passwd.c b/openssh-6.6p1/auth-passwd.c --- a/openssh-6.6p1/auth-passwd.c +++ b/openssh-6.6p1/auth-passwd.c @@ -60,16 +60,18 @@ extern ServerOptions options; #ifdef HAVE_LOGIN_CAP extern login_cap_t *lc; #endif #define DAY (24L * 60 * 60) /* 1 day in seconds */ #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ +#define MAX_PASSWORD_LEN 1024 + void disable_forwarding(void) { no_port_forwarding_flag = 1; no_agent_forwarding_flag = 1; no_x11_forwarding_flag = 1; } @@ -81,16 +83,19 @@ int auth_password(Authctxt *authctxt, const char *password) { struct passwd * pw = authctxt->pw; int result, ok = authctxt->valid; #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) static int expire_checked = 0; #endif + if (strlen(password) > MAX_PASSWORD_LEN) + return 0; + #ifndef HAVE_CYGWIN if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) ok = 0; #endif if (*password == '\0' && options.permit_empty_passwd == 0) return 0; #ifdef KRB5
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor