diff options
author | Matt Johnston <matt@ucc.asn.au> | 2018-08-23 23:43:12 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2018-08-23 23:43:12 +0800 |
commit | 52adbb34c32d3e2e1bcdb941e20a6f81138b8248 (patch) | |
tree | 9df84dc409fa0f2a6ed2d9a75d40f31f68a73bbe /svr-authpubkey.c | |
parent | 90f04384eeb0a80b9f5ee19823702a612ba1653d (diff) |
Wait to fail invalid usernames
Diffstat (limited to 'svr-authpubkey.c')
-rw-r--r-- | svr-authpubkey.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/svr-authpubkey.c b/svr-authpubkey.c index aa6087c..ff481c8 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -79,7 +79,7 @@ static int checkfileperm(char * filename); /* process a pubkey auth request, sending success or failure message as * appropriate */ -void svr_auth_pubkey() { +void svr_auth_pubkey(int valid_user) { unsigned char testkey; /* whether we're just checking if a key is usable */ char* algo = NULL; /* pubkey algo */ @@ -102,6 +102,15 @@ void svr_auth_pubkey() { keybloblen = buf_getint(ses.payload); keyblob = buf_getptr(ses.payload, keybloblen); + if (!valid_user) { + /* Return failure once we have read the contents of the packet + required to validate a public key. + Avoids blind user enumeration though it isn't possible to prevent + testing for user existence if the public key is known */ + send_msg_userauth_failure(0, 0); + goto out; + } + /* check if the key is valid */ if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) { send_msg_userauth_failure(0, 0); |