CVSROOT: /cvs Module name: src Changes by: dtuc...@cvs.openbsd.org 2016/07/20 19:39:35
Modified files: usr.bin/ssh : auth-passwd.c Log message: Skip passwords longer than 1k in length so clients can't easily DoS sshd by sending very long passwords, causing it to spend CPU hashing them. feedback djm@, ok markus@. Brought to our attention by tomas.kuthan at oracle.com, shilei-c at 360.cn and coredump at autistici.org