diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2019-03-21 00:09:07 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2019-03-21 00:09:07 +0800 |
| commit | 8b4f60a7a113f4e9ae801dea88606f2663728f03 (patch) | |
| tree | 6fb446ad0e2db572789347d7eb24e0d641938a6a /svr-authpasswd.c | |
| parent | 01cd1bd11f50fc2cdb6b4e5194daab36f344c8df (diff) | |
limit password length to 100
Diffstat (limited to 'svr-authpasswd.c')
| -rw-r--r-- | svr-authpasswd.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/svr-authpasswd.c b/svr-authpasswd.c index 69c7d8a..a4f3202 100644 --- a/svr-authpasswd.c +++ b/svr-authpasswd.c @@ -65,7 +65,7 @@ void svr_auth_password(int valid_user) { } password = buf_getstring(ses.payload, &passwordlen); - if (valid_user) { + if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) { /* the first bytes of passwdcrypt are the salt */ passwdcrypt = ses.authstate.pw_passwd; testcrypt = crypt(password, passwdcrypt); @@ -80,6 +80,15 @@ void svr_auth_password(int valid_user) { return; } + if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) { + dropbear_log(LOG_WARNING, + "Too-long password attempt for '%s' from %s", + ses.authstate.pw_name, + svr_ses.addrstring); + send_msg_userauth_failure(0, 1); + return; + } + if (testcrypt == NULL) { /* crypt() with an invalid salt like "!!" */ dropbear_log(LOG_WARNING, "User account '%s' is locked", |