comparison svr-authpasswd.c @ 1640:228b086794b7
limit password length to 100
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 21 Mar 2019 00:09:07 +0800 |
parents | 5d2d1021ca00 |
children |
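--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -63,21 +63,30 @@
 send_msg_userauth_failure(0, 1);
 return;
 }
 
 password = buf_getstring(ses.payload, &passwordlen);
-if (valid_user) {
+if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) {
 /* the first bytes of passwdcrypt are the salt */
 passwdcrypt = ses.authstate.pw_passwd;
 testcrypt = crypt(password, passwdcrypt);
 }
 m_burn(password, passwordlen);
 m_free(password);
 
 /* After we have got the payload contents we can exit if the username
 is invalid. Invalid users have already been logged. */
 if (!valid_user) {
+send_msg_userauth_failure(0, 1);
+return;
+}
+
+if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) {
+dropbear_log(LOG_WARNING,
+"Too-long password attempt for '%s' from %s",
+ses.authstate.pw_name,
+svr_ses.addrstring);
 send_msg_userauth_failure(0, 1);
 return;
 }
 
 if (testcrypt == NULL) {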
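Review bot: The length limit is tested twice with complementary conditions, at the `crypt()` guard (new line 68) and again at the rejection branch (new line 83), and nothing ties the two together; if one is edited later, an over-long password either reaches `crypt()` or falls through to the `testcrypt == NULL` check with whatever value `testcrypt` was given at its declaration, which is outside this hunk. Neither site says why the cap exists; a comment at the guard such as `/* crypt() cost can grow with input length and the peer is unauthenticated, so never hash an over-long password */` would record the intent (the reason is inferred from the commit title, so confirm the wording). Keeping the rejection after `m_burn()`/`m_free()` is right, since the password buffer is wiped on every path. The new warning fires once per over-long attempt from an unauthenticated peer, so it is worth confirming that it falls under the same attempt limits as the other auth-failure logs.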