
[PATCH] Set correct state after sending INFO_REQUEST (Kbd Interactive)


Hello,


Here's a patch related to changes from CVE-2018-10933:

Keyboard Interactive Authentication as a server always fails (on new packet filtering) because SSH_AUTH_STATE_INFO is not correctly set on a Keyboard Interactive request.

This can be tested with the samplesshd-kbdint example.


This patch sets the correct state on a keyboard interactive request.


Regards,


Meng
From d857bd55f141eb25e8478888200260a73f39ad7b Mon Sep 17 00:00:00 2001
From: Meng Tan <mtan@xxxxxxxxxx>
Date: Wed, 17 Oct 2018 14:50:08 +0200
Subject: [PATCH] Set correct state after sending INFO_REQUEST (Kbd
 Interactive)

Signed-off-by: Meng Tan <mtan@xxxxxxxxxx>
---
 src/server.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/server.c b/src/server.c
index e14636ec..84cc4f7a 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1039,6 +1039,7 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name,
     msg->session->kbdint->prompts = NULL;
     msg->session->kbdint->echo = NULL;
   }
+  msg->session->auth.state = SSH_AUTH_STATE_INFO;

   return rc;
 }
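
Review bot: The added assignment sits after the closing brace and directly before `return rc;`, so `auth.state` is set to SSH_AUTH_STATE_INFO whatever value `rc` holds, including an error return. Consider making it conditional on success, for example `if (rc == SSH_OK) { msg->session->auth.state = SSH_AUTH_STATE_INFO; }`, so that a request that failed does not leave the session marked as waiting for a keyboard-interactive reply. The commit message also carries only a subject and a Signed-off-by; a short body stating that the packet filtering added for CVE-2018-10933 depends on this state would make the reason for the line clear to later readers.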
--
2.11.0

Follow-Ups:
Re: [PATCH] Set correct state after sending INFO_REQUEST (Kbd Interactive), Andreas Schneider <asn@xxxxxxxxxxxxxx>