Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
openssh-askpass-gnome
openssh-7.2p2-limit_password_length.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssh-7.2p2-limit_password_length.patch of Package openssh-askpass-gnome
From 5d8e8cb8701203916c7a3916d69061c8db316552 Mon Sep 17 00:00:00 2001 From: Old openssh patches <pcerny@suse.com> Date: Wed, 26 Oct 2022 09:54:39 +0200 Subject: [PATCH] openssh-7.2p2-limit_password_length # HG changeset patch # Parent 60b6265db17515fff0b2ae97c00092465bbd4e26 Limit accepted passwords length to prevent DoS by resource consumption (via crypt() eating CPU cycles). CVE-2016-6515 bsc#992533 upstream commit: fcd135c9df440bcd2d5870405ad3311743d78d97 --- auth-passwd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/auth-passwd.c b/auth-passwd.c index 530b5d4f..a574ecea 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -66,6 +66,8 @@ extern login_cap_t *lc; #define DAY (24L * 60 * 60) /* 1 day in seconds */ #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ +#define MAX_PASSWORD_LEN 1024 + void disable_forwarding(void) { @@ -87,6 +89,9 @@ auth_password(Authctxt *authctxt, const char *password) static int expire_checked = 0; #endif + if (strlen(password) > MAX_PASSWORD_LEN) + return 0; + #ifndef HAVE_CYGWIN if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) ok = 0; -- 2.38.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor