diff svr-authpubkey.c @ 1617:1fbe598a14fb

Merge bugfix delay invalid users
author Matt Johnston <matt@ucc.asn.au>
date Thu, 23 Aug 2018 23:43:45 +0800
parents dc7c9fdb3716 5d2d1021ca00
children 9579377b5f8b
line wrap: on
line diff
--- a/svr-authpubkey.c	Tue Jul 24 20:19:05 2018 +0800
+++ b/svr-authpubkey.c	Thu Aug 23 23:43:45 2018 +0800
@@ -79,7 +79,7 @@
 
 /* process a pubkey auth request, sending success or failure message as
  * appropriate */
-void svr_auth_pubkey() {
+void svr_auth_pubkey(int valid_user) {
 
 	unsigned char testkey; /* whether we're just checking if a key is usable */
 	char* algo = NULL; /* pubkey algo */
@@ -102,6 +102,15 @@
 	keybloblen = buf_getint(ses.payload);
 	keyblob = buf_getptr(ses.payload, keybloblen);
 
+	if (!valid_user) {
+		/* Return failure once we have read the contents of the packet
+		required to validate a public key. 
+		Avoids blind user enumeration though it isn't possible to prevent
+		testing for user existence if the public key is known */
+		send_msg_userauth_failure(0, 0);
+		goto out;
+	}
+
 	/* check if the key is valid */
 	if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) {
 		send_msg_userauth_failure(0, 0);