Skip to content

wolfSSHd Shadow Fix#504

Merged
dgarske merged 1 commit intowolfSSL:masterfrom
ejohnstown:shadowfix
Mar 24, 2023
Merged

wolfSSHd Shadow Fix#504
dgarske merged 1 commit intowolfSSL:masterfrom
ejohnstown:shadowfix

Conversation

@ejohnstown
Copy link
Copy Markdown
Contributor

@ejohnstown ejohnstown commented Mar 24, 2023
edited
Loading

  1. Checking the string returned from crypt() to make sure it isn't a "*".
  2. Checking the lengths of the strings when checking the password.

Testing:

./configure --enable-sshd --enable-sftp --with-wolfssl=<path>
make
cd apps/wolfsshd
touch sshd_config
sudo ./wolfsshd -p 22222 -h <path-to>/wolfssh/keys/server-key-ecc.pem -f ./sshd_config
sudo adduser --diabled-password foo
ssh -p 22222 foo@localhost
<enter random, should fail>
sudo passwd foo
<set a password>
ssh -p 22222 foo@local
<enter random, should fail>
ssh -p 22222 foo@local
<enter password, should login, logout>
sudo passwd -l foo
ssh -p 22222 foo@localhost
<enter password, should fail>

@ejohnstown ejohnstown requested a review from dgarske March 24, 2023 19:13
@ejohnstown
wolfSSHd Shadow Fix
f74c2db 
1. Checking the string returned from crypt() to make sure it isn't a
   "*".
2. Checking the lengths of the strings when checking the password.
@ejohnstown ejohnstown requested a review from dgarske March 24, 2023 21:16
@dgarske dgarske merged commit 07f901d into wolfSSL:master Mar 24, 2023
@ejohnstown ejohnstown deleted the shadowfix branch March 24, 2023 21:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarske dgarske Awaiting requested review from dgarske

Assignees

@dgarske dgarske

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ejohnstown @dgarske