- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with

[openssh.git] / auth1.c

diff --git a/auth1.c b/auth1.c
index e7d744f6eef00dbf6f4aa7aac9bfaeb7908703af..5086a47c30976ac6b36474b433b6bfa34daaf1bb 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -73,7 +73,7 @@ do_authloop(Authctxt *authctxt)
        char info[1024];
        u_int dlen;
        u_int ulen;
-       int type = 0;
+       int prev, type = 0;
        struct passwd *pw = authctxt->pw;
 
        debug("Attempting authentication for %s%.100s.",
@@ -103,8 +103,20 @@ do_authloop(Authctxt *authctxt)
                info[0] = '\0';
 
                /* Get a packet from the client. */
+               prev = type;
                type = packet_read();
 
+               /*
+                * If we started challenge-response authentication but the
+                * next packet is not a response to our challenge, release
+                * the resources allocated by get_challenge() (which would
+                * normally have been released by verify_response() had we
+                * received such a response)
+                */
+               if (prev == SSH_CMSG_AUTH_TIS &&
+                   type != SSH_CMSG_AUTH_TIS_RESPONSE)
+                       abandon_challenge_response(authctxt);
+
                /* Process the packet. */
                switch (type) {