upstream commit

Skip passwords longer than 1k in length so clients can't
easily DoS sshd by sending very long passwords, causing it to spend CPU
hashing them. feedback djm@, ok markus@.

Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org

Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
1 file changed
tree: 0d66a792ade2b7cca30f5df586714fb1cf5f2265