Fix multiple OpenSSH vulnerabilities.
Security: CVE-2014-2653 Security: CVE-2015-5600 Security: FreeBSD-SA-15:16.openssh
This commit is contained in:
parent
33661d0781
commit
e4eb287ad0
@ -82,6 +82,7 @@ struct KbdintAuthctxt
|
||||
void *ctxt;
|
||||
KbdintDevice *device;
|
||||
u_int nreq;
|
||||
u_int devices_done;
|
||||
};
|
||||
|
||||
#ifdef USE_PAM
|
||||
@ -168,11 +169,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
|
||||
if (len == 0)
|
||||
break;
|
||||
for (i = 0; devices[i]; i++) {
|
||||
if (!auth2_method_allowed(authctxt,
|
||||
if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
|
||||
!auth2_method_allowed(authctxt,
|
||||
"keyboard-interactive", devices[i]->name))
|
||||
continue;
|
||||
if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
|
||||
if (strncmp(kbdintctxt->devices, devices[i]->name,
|
||||
len) == 0) {
|
||||
kbdintctxt->device = devices[i];
|
||||
kbdintctxt->devices_done |= 1 << i;
|
||||
}
|
||||
}
|
||||
t = kbdintctxt->devices;
|
||||
kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
|
||||
|
@ -1247,29 +1247,39 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
|
||||
{
|
||||
int flags = 0;
|
||||
char *fp;
|
||||
Key *plain = NULL;
|
||||
|
||||
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
|
||||
debug("Server host key: %s %s", key_type(host_key), fp);
|
||||
free(fp);
|
||||
|
||||
/* XXX certs are not yet supported for DNS */
|
||||
if (!key_is_cert(host_key) && options.verify_host_key_dns &&
|
||||
verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
|
||||
if (flags & DNS_VERIFY_FOUND) {
|
||||
|
||||
if (options.verify_host_key_dns == 1 &&
|
||||
flags & DNS_VERIFY_MATCH &&
|
||||
flags & DNS_VERIFY_SECURE)
|
||||
return 0;
|
||||
|
||||
if (flags & DNS_VERIFY_MATCH) {
|
||||
matching_host_key_dns = 1;
|
||||
} else {
|
||||
warn_changed_key(host_key);
|
||||
error("Update the SSHFP RR in DNS with the new "
|
||||
"host key to get rid of this message.");
|
||||
if (options.verify_host_key_dns) {
|
||||
/*
|
||||
* XXX certs are not yet supported for DNS, so downgrade
|
||||
* them and try the plain key.
|
||||
*/
|
||||
plain = key_from_private(host_key);
|
||||
if (key_is_cert(plain))
|
||||
key_drop_cert(plain);
|
||||
if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
|
||||
if (flags & DNS_VERIFY_FOUND) {
|
||||
if (options.verify_host_key_dns == 1 &&
|
||||
flags & DNS_VERIFY_MATCH &&
|
||||
flags & DNS_VERIFY_SECURE) {
|
||||
key_free(plain);
|
||||
return 0;
|
||||
}
|
||||
if (flags & DNS_VERIFY_MATCH) {
|
||||
matching_host_key_dns = 1;
|
||||
} else {
|
||||
warn_changed_key(plain);
|
||||
error("Update the SSHFP RR in DNS "
|
||||
"with the new host key to get rid "
|
||||
"of this message.");
|
||||
}
|
||||
}
|
||||
}
|
||||
key_free(plain);
|
||||
}
|
||||
|
||||
return check_host_key(host, hostaddr, options.port, host_key, RDRW,
|
||||
|
Loading…
x
Reference in New Issue
Block a user