- markus@cvs.openbsd.org 2003/08/26 09:58:43
     [auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
     [auth2.c monitor.c]
     fix passwd auth for 'username leaks via timing'; with djm@, original
     patches from solar
diff --git a/auth1.c b/auth1.c
index 5b1922a..dfe944d 100644
--- a/auth1.c
+++ b/auth1.c
@@ -299,8 +299,10 @@
 	/* Verify that the user is a valid user. */
 	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
 		authctxt->valid = 1;
-	else
+	else {
 		debug("do_authentication: illegal user %s", user);
+		authctxt->pw = fakepw();
+	}
 
 	setproctitle("%s%s", authctxt->pw ? user : "unknown",
 	    use_privsep ? " [net]" : "");
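Review bot: The `authctxt->pw ? user : "unknown"` test in the setproctitle() call at the end of this hunk stops distinguishing invalid users, because the new else branch assigns `authctxt->pw = fakepw();`. Assuming fakepw() returns a non-NULL placeholder entry (its definition is not in this hunk), the process title will now always carry the client-supplied name instead of "unknown". Keying on the validity flag keeps the earlier behaviour: `setproctitle("%s%s", authctxt->valid ? user : "unknown",`. Any code outside this hunk that still uses `authctxt->pw == NULL` as its invalid-user check should switch to `authctxt->valid` as well, so that the fake entry is never treated as a real account. The enclosing function begins and ends outside the hunk, so those later uses cannot be checked from here.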