]> CyberLeo.Net >> Repos - FreeBSD/stable/10.git/commit
projects / FreeBSD / stable / 10.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 110e98f) | patch
Apply upstream fix:
authordelphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Thu, 10 Aug 2017 06:36:37 +0000 (06:36 +0000)
committerdelphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Thu, 10 Aug 2017 06:36:37 +0000 (06:36 +0000)
commit82d24bec3430077435648ea6b8929fe1e193c600
tree732f2b05f1a67c596ef5ae6cb1b072ecb4b957cdtree | snapshot
parent110e98f4c5f12623eb8bb9f696287bc921c166fecommit | diff
Apply upstream fix:

Skip passwords longer than 1k in length so clients can't
easily DoS sshd by sending very long passwords, causing it to spend CPU
hashing them. feedback djm@, ok markus@.

Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org

Security: CVE-2016-6515
Security: FreeBSD-SA-17:06.openssh

git-svn-id: svn://svn.freebsd.org/base/stable/10@322341 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
crypto/openssh/auth-passwd.c diff | blob | history
10-STABLE