diff svr-authpubkey.c @ 1616:5d2d1021ca00

Wait to fail invalid usernames
author Matt Johnston <matt@ucc.asn.au>
date Thu, 23 Aug 2018 23:43:12 +0800
parents 35f38af1238b
children 1fbe598a14fb
--- a/svr-authpubkey.c	Thu Aug 23 22:10:07 2018 +0800
+++ b/svr-authpubkey.c	Thu Aug 23 23:43:12 2018 +0800
@@ -79,7 +79,7 @@
 
 /* process a pubkey auth request, sending success or failure message as
  * appropriate */
-void svr_auth_pubkey() {
+void svr_auth_pubkey(int valid_user) {
 
 	unsigned char testkey; /* whether we're just checking if a key is usable */
 	char* algo = NULL; /* pubkey algo */
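Review bot: The comment above `svr_auth_pubkey` still describes only the old behaviour and does not mention the new `valid_user` argument. From the signature alone a caller cannot tell that a zero value means the request is still read from the packet but always answered with failure, which is what the second hunk implements. I would extend the existing comment with a line such as `* valid_user: when 0 the packet is still parsed, but the reply is always failure`. The function body continues beyond this hunk.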
@@ -102,6 +102,15 @@
 	keybloblen = buf_getint(ses.payload);
 	keyblob = buf_getptr(ses.payload, keybloblen);
 
+	if (!valid_user) {
+		/* Return failure once we have read the contents of the packet
+		required to validate a public key. 
+		Avoids blind user enumeration though it isn't possible to prevent
+		testing for user existence if the public key is known */
+		send_msg_userauth_failure(0, 0);
+		goto out;
+	}
+
 	/* check if the key is valid */
 	if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) {
 		send_msg_userauth_failure(0, 0);
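Review bot: The `!valid_user` branch replies before `checkpubkey()` runs, so an unknown user is failed sooner than a known user who offers an unrecognised key, even though both paths send the same `send_msg_userauth_failure(0, 0)`. If `checkpubkey()` reads the account's key file (not visible in this hunk), that gap in response time remains a weaker signal of user existence than the one this change removes. It is worth confirming that a delay or other equalising step applies to the failure path elsewhere, and recording that in the new comment, e.g. `/* timing of this early failure is equalised in <function name> */`. As a style point, the added comment block lacks the leading ` * ` used by the comment above the function and has trailing whitespace after "public key.". The `out` label and the rest of the function lie outside the hunk.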