limit password length to 100

author: Matt Johnston <matt@ucc.asn.au> 2019-03-21 00:09:07 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2019-03-21 00:09:07 +0800
commit: ff97e856b6d13eb20aaac0493fa6921b466a64a3 (patch)
tree: c801474783f49a494785a1e24eee693d23e0437d /svr-authpasswd.c
parent: 7d58dba5280ff0004b5474da9d01f4580dc677b2 (diff)
download: dropbear-ff97e856b6d13eb20aaac0493fa6921b466a64a3.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/svr-authpasswd.c b/svr-authpasswd.c
index 69c7d8a..a4f3202 100644
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -65,7 +65,7 @@ void svr_auth_password(int valid_user) {
 	}
 
 	password = buf_getstring(ses.payload, &passwordlen);
-	if (valid_user) {
+	if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) {
 		/* the first bytes of passwdcrypt are the salt */
 		passwdcrypt = ses.authstate.pw_passwd;
 		testcrypt = crypt(password, passwdcrypt);
@@ -80,6 +80,15 @@ void svr_auth_password(int valid_user) {
 		return;
 	}
 
+	if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) {
+		dropbear_log(LOG_WARNING,
+				"Too-long password attempt for '%s' from %s",
+				ses.authstate.pw_name,
+				svr_ses.addrstring);
+		send_msg_userauth_failure(0, 1);
+		return;
+	}
+
 	if (testcrypt == NULL) {
 		/* crypt() with an invalid salt like "!!" */
 		dropbear_log(LOG_WARNING, "User account '%s' is locked",
author	Matt Johnston <matt@ucc.asn.au>	2019-03-21 00:09:07 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2019-03-21 00:09:07 +0800
commit	ff97e856b6d13eb20aaac0493fa6921b466a64a3 (patch)
tree	c801474783f49a494785a1e24eee693d23e0437d /svr-authpasswd.c
parent	7d58dba5280ff0004b5474da9d01f4580dc677b2 (diff)
download	dropbear-ff97e856b6d13eb20aaac0493fa6921b466a64a3.tar.gz