comparison svr-auth.c @ 1733:d529a52b2f7c coverity coverity

merge coverity from main
author Matt Johnston <matt@ucc.asn.au>
date Fri, 26 Jun 2020 21:07:34 +0800
parents 7c17995bcdfb
children 8dc43b30c6bf
comparison
1643:b59623a64678 1733:d529a52b2f7c
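--- a/svr-auth.c
+++ b/svr-auth.c
@@ -239,23 +239,21 @@
 if (userlen > MAX_USERNAME_LEN) {
 return DROPBEAR_FAILURE;
 }
 
 if (strlen(username) != userlen) {
-dropbear_exit("Attempted username with a null byte from %s",
-svr_ses.addrstring);
+dropbear_exit("Attempted username with a null byte");
 }
 
 if (ses.authstate.username == NULL) {
 /* first request */
 fill_passwd(username);
 ses.authstate.username = m_strdup(username);
 } else {
 /* check username hasn't changed */
 if (strcmp(username, ses.authstate.username) != 0) {
-dropbear_exit("Client trying multiple usernames from %s",
-svr_ses.addrstring);
+dropbear_exit("Client trying multiple usernames");
 }
 }
 
 /* avoids cluttering logs with repeated failure messages from
 consecutive authentication requests in a sesssion */
@@ -266,24 +264,22 @@
 
 /* check that user exists */
 if (!ses.authstate.pw_name) {
 TRACE(("leave checkusername: user '%s' doesn't exist", username))
 dropbear_log(LOG_WARNING,
-"Login attempt for nonexistent user from %s",
-svr_ses.addrstring);
+"Login attempt for nonexistent user");
 ses.authstate.checkusername_failed = 1;
 return DROPBEAR_FAILURE;
 }
 
 /* check if we are running as non-root, and login user is different from the server */
 uid = geteuid();
 if (!(DROPBEAR_SVR_MULTIUSER && uid == 0) && uid != ses.authstate.pw_uid) {
 TRACE(("running as nonroot, only server uid is allowed"))
 dropbear_log(LOG_WARNING,
-"Login attempt with wrong user %s from %s",
-ses.authstate.pw_name,
-svr_ses.addrstring);
+"Login attempt with wrong user %s",
+ses.authstate.pw_name);
 ses.authstate.checkusername_failed = 1;
 return DROPBEAR_FAILURE;
 }
 
 /* check for non-root if desired */
@@ -438,12 +434,12 @@
 if (ses.authstate.pw_name == NULL) {
 userstr = "is invalid";
 } else {
 userstr = ses.authstate.pw_name;
 }
-dropbear_exit("Max auth tries reached - user '%s' from %s",
-userstr, svr_ses.addrstring);
+dropbear_exit("Max auth tries reached - user '%s'",
+userstr);
 }
 
 TRACE(("leave send_msg_userauth_failure"))
 }
 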
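Review bot: The five authentication-failure messages in this section (the three `dropbear_exit` calls and the two `dropbear_log(LOG_WARNING, ...)` calls) no longer include `svr_ses.addrstring`, and nothing visible here shows where the peer address is logged instead. If the server's exit and log handlers do not add the address centrally (their code is outside this page), events such as "Login attempt for nonexistent user" and "Max auth tries reached" can only be attributed to a source by correlating with an earlier per-connection log line. Log-based detections or blocking rules that match `from <addr>` in these messages would also stop matching without any error. If the address is added centrally, I would say so at the first changed call with a comment such as `/* peer address is appended by the server exit/log handler */`, and record the message-format change for operators. Both affected functions start or end outside the shown hunks.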