Mercurial > dropbear
diff svr-authpasswd.c @ 1640:228b086794b7
limit password length to 100
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 21 Mar 2019 00:09:07 +0800 |
parents | 5d2d1021ca00 |
children |
line wrap: on
line diff
--- a/svr-authpasswd.c Wed Mar 20 23:47:25 2019 +0800 +++ b/svr-authpasswd.c Thu Mar 21 00:09:07 2019 +0800 @@ -65,7 +65,7 @@ } password = buf_getstring(ses.payload, &passwordlen); - if (valid_user) { + if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) { /* the first bytes of passwdcrypt are the salt */ passwdcrypt = ses.authstate.pw_passwd; testcrypt = crypt(password, passwdcrypt); @@ -80,6 +80,15 @@ return; } + if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) { + dropbear_log(LOG_WARNING, + "Too-long password attempt for '%s' from %s", + ses.authstate.pw_name, + svr_ses.addrstring); + send_msg_userauth_failure(0, 1); + return; + } + if (testcrypt == NULL) { /* crypt() with an invalid salt like "!!" */ dropbear_log(LOG_WARNING, "User account '%s' is locked",