CVSROOT: /cvs Module name: src Changes by: dtuc...@cvs.openbsd.org 2016/07/20 19:39:35
Modified files:
usr.bin/ssh : auth-passwd.c
Log message:
Skip passwords longer than 1k in length so clients can't easily DoS sshd
by sending very long passwords, causing it to spend CPU hashing them.
feedback djm@, ok markus@.
Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org
