limit password length to 100

2025-02-07 05:17:28 +00:00 · 2019-03-21 00:09:07 +08:00 · 2019-03-21 00:09:07 +08:00 · 8b4f60a7a1
commit 8b4f60a7a1
parent 01cd1bd11f
2 changed files with 12 additions and 1 deletions
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@ -65,7 +65,7 @@ void svr_auth_password(int valid_user) {
 	}

 	password = buf_getstring(ses.payload, &passwordlen);
-	if (valid_user) {
+	if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) {
 		/* the first bytes of passwdcrypt are the salt */
 		passwdcrypt = ses.authstate.pw_passwd;
 		testcrypt = crypt(password, passwdcrypt);
@ -80,6 +80,15 @@ void svr_auth_password(int valid_user) {
 		return;
 	}

+	if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) {
+		dropbear_log(LOG_WARNING,
+				"Too-long password attempt for '%s' from %s",
+				ses.authstate.pw_name,
+				svr_ses.addrstring);
+		send_msg_userauth_failure(0, 1);
+		return;
+	}
+
 	if (testcrypt == NULL) {
 		/* crypt() with an invalid salt like "!!" */
 		dropbear_log(LOG_WARNING, "User account '%s' is locked",
--- a/sysoptions.h
+++ b/sysoptions.h
@ -86,6 +86,8 @@
 /* Required for pubkey auth */
 #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT))

+#define DROPBEAR_MAX_PASSWORD_LEN 100
+
 #define SHA1_HASH_SIZE 20
 #define MD5_HASH_SIZE 16
 #define MAX_HASH_SIZE 64 /* sha512 */