]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7fa36a1) | patch
Apply upstream fix:
authordelphij <delphij@FreeBSD.org>
Thu, 10 Aug 2017 06:36:37 +0000 (06:36 +0000)
committerdelphij <delphij@FreeBSD.org>
Thu, 10 Aug 2017 06:36:37 +0000 (06:36 +0000)
commit4268d8e71d9c42494826885f83f685b02b9353cc
treedc5da25a29f415c2b2632672858b1118bca607c0tree | snapshot
parent7fa36a1ea4124e7ecdcd10155a1df4bac2e0e774commit | diff
Apply upstream fix:

Skip passwords longer than 1k in length so clients can't
easily DoS sshd by sending very long passwords, causing it to spend CPU
hashing them. feedback djm@, ok markus@.

Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org

Security: CVE-2016-6515
Security: FreeBSD-SA-17:06.openssh
crypto/openssh/auth-passwd.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.