# HG changeset patch # User Matt Johnston # Date 1553098147 -28800 # Node ID 228b086794b7f381d21f34699edbf77ede826625 # Parent 8a485389330f9a28ea24b55a21b69b55c3f13440 limit password length to 100 diff -r 8a485389330f -r 228b086794b7 svr-authpasswd.c --- a/svr-authpasswd.c Wed Mar 20 23:47:25 2019 +0800 +++ b/svr-authpasswd.c Thu Mar 21 00:09:07 2019 +0800 @@ -65,7 +65,7 @@ } password = buf_getstring(ses.payload, &passwordlen); - if (valid_user) { + if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) { /* the first bytes of passwdcrypt are the salt */ passwdcrypt = ses.authstate.pw_passwd; testcrypt = crypt(password, passwdcrypt); @@ -80,6 +80,15 @@ return; } + if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) { + dropbear_log(LOG_WARNING, + "Too-long password attempt for '%s' from %s", + ses.authstate.pw_name, + svr_ses.addrstring); + send_msg_userauth_failure(0, 1); + return; + } + if (testcrypt == NULL) { /* crypt() with an invalid salt like "!!" */ dropbear_log(LOG_WARNING, "User account '%s' is locked", diff -r 8a485389330f -r 228b086794b7 sysoptions.h --- a/sysoptions.h Wed Mar 20 23:47:25 2019 +0800 +++ b/sysoptions.h Thu Mar 21 00:09:07 2019 +0800 @@ -86,6 +86,8 @@ /* Required for pubkey auth */ #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT)) +#define DROPBEAR_MAX_PASSWORD_LEN 100 + #define SHA1_HASH_SIZE 20 #define MD5_HASH_SIZE 16 #define MAX_HASH_SIZE 64 /* sha512 */