Marco Trevisan
2025-Feb-13 16:42 UTC
[PATCH] auth2-chall: Fix selection of the keyboard-interactive device
From: Marco Trevisan (Trevi?o) <mail at 3v1n0.net> We were only checking if the prefix of a device name was matching what we had in the devices list, so if the device list contained "pam", then also the device "pam-foo" was matching. --- auth2-chall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth2-chall.c b/auth2-chall.c index 021df8291..52d38e2ef 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -170,7 +170,7 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) "keyboard-interactive", devices[i]->name)) continue; if (strncmp(kbdintctxt->devices, devices[i]->name, - len) == 0) { + len) == 0 && strlen(devices[i]->name) == len) { kbdintctxt->device = devices[i]; kbdintctxt->devices_done |= 1 << i; } -- 2.34.1
Possibly Parallel Threads
- [PATCH 1/4] auth: Add KbdintResult definition to define result values explicitly
- [PATCH 0/4] [PATCH] Immediately report interactive instructions
- [PATCH] kbdintctxt->nreq test
- Puzzled about PAM support in OpenSSH-3.7.1p2
- [Bug 2410] New: auth-chall.c - "<stdarg.h>" #included twice