bugzilla-daemon at bugzilla.mindrot.org
2018-Nov-19 23:44 UTC
[Bug 2933] New: MaxAuthTries validation incorrect
https://bugzilla.mindrot.org/show_bug.cgi?id=2933

            Bug ID: 2933
           Summary: MaxAuthTries validation incorrect
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: me at petetravis.com

I have a system where MaxAuthTries has been administratively misinterpreted:

[pete9168 at workstation ~]$ sudo grep MaxAuthTries /etc/ssh/sshd_config
MaxAuthTries yes

It passes the syntax validation check:

[pete9168 at workstation ~]$ sudo sshd -t && echo "EVERYTHING IS OK HERE"
EVERYTHING IS OK HERE

The daemon does not receive a valid integer for MaxAuthTries and seems to
interpret a maximum attempt count of zero:

[pete9168 at workstation ~]$ ssh localhost
Received disconnect from ::1 port 22:2: Too many authentication failures
Disconnected from ::1 port 22

Please adjust `sshd -t` such that MaxAuthTries requires an integer > 0 to pass.

I initially observed this behavior with openssh-server-1:6.6p1-2ubuntu2.11,
the above validation is from openssh-server-7.6p1-6.fc27.x86_64 .

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Dec-07 03:27 UTC
[Bug 2933] MaxAuthTries validation incorrect
https://bugzilla.mindrot.org/show_bug.cgi?id=2933

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This has already been fixed in the openssh-7.7 release via the following
commit:

commit 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Tue Dec 5 23:59:47 2017 +0000

    upstream commit

    Replace atoi and strtol conversions for integer arguments to config
    keywords with a checking wrapper around strtonum.  This will prevent
    and flag invalid and negative arguments to these keywords.  ok djm@

    OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
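
Added example (not part of the original thread and not OpenSSH code): why an atoi-style conversion lets "MaxAuthTries yes" through as 0, next to a checked conversion that rejects it. The function names are hypothetical, the checked version uses strtol with full error checking instead of strtonum so that it builds on any libc, and the lower bound of 1 follows the reporter's request.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

enum parse_result { PARSE_OK, PARSE_INVALID, PARSE_RANGE };

/* Unchecked conversion: atoi() has no error reporting, so "yes" yields 0. */
int parse_unchecked(const char *arg)
{
    return atoi(arg);
}

/*
 * Checked conversion (hypothetical helper): succeeds only if arg is a
 * complete base-10 integer within [min, max]. *out is left untouched on
 * failure, so a rejected value can never reach the caller.
 */
enum parse_result parse_checked(const char *arg, long min, long max, int *out)
{
    char *end;
    long v;

    if (arg == NULL)
        return PARSE_INVALID;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (end == arg || *end != '\0')
        return PARSE_INVALID;          /* "yes", "", "3x" */
    if (errno == ERANGE || v < min || v > max)
        return PARSE_RANGE;            /* "0", "-1", overflow */
    *out = (int)v;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample arguments for a "MaxAuthTries <arg>" line. */
    const char *samples[] = { "yes", "6", "0", "-1", "3x" };
    const char *names[] = { "ok", "not an integer", "out of range" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int v = 0;
        enum parse_result r = parse_checked(samples[i], 1, INT_MAX, &v);
        printf("MaxAuthTries %-4s atoi=%-3d checked: %s\n",
               samples[i], parse_unchecked(samples[i]), names[r]);
    }
    return 0;
}
```

A configuration test built on the checked form can fail on PARSE_INVALID or PARSE_RANGE instead of silently accepting a value of 0.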
bugzilla-daemon at bugzilla.mindrot.org
2019-May-03 04:42 UTC
[Bug 2933] MaxAuthTries validation incorrect
https://bugzilla.mindrot.org/show_bug.cgi?id=2933

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Move resolved bugs -> CLOSED after 8.0 release