Skip passwords longer than 1k in length so clients can't easily DoS sshd
author dtucker <dtucker@openbsd.org>
Thu, 21 Jul 2016 01:39:35 +0000 (01:39 +0000)
committer dtucker <dtucker@openbsd.org>
Thu, 21 Jul 2016 01:39:35 +0000 (01:39 +0000)
commit 66ea199ae4ce8e8b637f464d8bfcce1915f4ac24
tree 21c7c2fc9fc9f45cedd3b533bd1a7f0918b7f804
parent 6747d0f353c368d38f939752a67be384c74434e5
Skip passwords longer than 1k in length so clients can't easily DoS sshd
by sending very long passwords, causing it to spend CPU hashing them.
feedback djm@, ok markus@.

Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org
usr.bin/ssh/auth-passwd.c
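
The mitigation the commit message describes, sketched as an added example (this is not the code from auth-passwd.c): an over-long password is rejected before the expensive hash runs, and the length check itself does bounded work. The names `slow_hash`, `check_password`, `hash_calls_for_len` and `MAX_PASSWORD_LEN` are assumptions for illustration, and `slow_hash` is a constructed stand-in, not a real password hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PASSWORD_LEN 1024      /* the "1k" limit named in the commit message */
static unsigned long hash_calls;   /* how many times the expensive path ran */

/* Constructed stand-in for a costly hash: CPU cost grows with input length. */
static uint64_t slow_hash(const char *pw, size_t len)
{
    uint64_t h = 1469598103934665603ULL;
    hash_calls++;
    for (int round = 0; round < 200; round++)
        for (size_t i = 0; i < len; i++)
            h = (h ^ (unsigned char)pw[i]) * 1099511628211ULL;
    return h;
}

/* Returns 1 on match, 0 on failure. Over-long input fails before any hashing. */
int check_password(const char *pw, uint64_t stored)
{
    /* memchr inspects at most MAX_PASSWORD_LEN + 1 bytes of the input. */
    const char *end = memchr(pw, '\0', MAX_PASSWORD_LEN + 1);
    if (end == NULL)
        return 0;                  /* longer than the cap: skip it */
    return slow_hash(pw, (size_t)(end - pw)) == stored;
}

/* Hash invocations triggered by one attempt with an n-byte password. */
unsigned long hash_calls_for_len(size_t n)
{
    char *pw = malloc(n + 1);
    if (pw == NULL)
        abort();
    memset(pw, 'A', n);            /* constructed sample password */
    pw[n] = '\0';
    unsigned long before = hash_calls;
    (void)check_password(pw, 0);
    free(pw);
    return hash_calls - before;
}

int main(void)
{
    printf("1024 bytes: %lu hash call(s)\n", hash_calls_for_len(1024));
    printf("1 MiB:      %lu hash call(s)\n", hash_calls_for_len(1 << 20));
    return 0;
}
```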