summaryrefslogtreecommitdiff
path: root/auth2-gss.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-07-10 09:13:30 +0000
committerDamien Miller <djm@mindrot.org>2018-07-10 19:15:35 +1000
commit0f3958c1e6ffb8ea4ba27e2a97a00326fce23246 (patch)
treef2538c652ca620a254578a088ff0f5eb2e36d9dd /auth2-gss.c
parentc74ae8e7c45f325f3387abd48fa7dfef07a08069 (diff)
upstream: kerberos/gssapi fixes for buffer removal
OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
Diffstat (limited to 'auth2-gss.c')
-rw-r--r--auth2-gss.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/auth2-gss.c b/auth2-gss.c
index a6f2a7125..47308c5ce 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-gss.c,v 1.27 2018/07/09 21:37:55 markus Exp $ */ 1/* $OpenBSD: auth2-gss.c,v 1.28 2018/07/10 09:13:30 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -204,15 +204,18 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
204 gss_buffer_desc recv_tok; 204 gss_buffer_desc recv_tok;
205 OM_uint32 maj_status; 205 OM_uint32 maj_status;
206 int r; 206 int r;
207 u_char *p;
208 size_t len;
207 209
208 if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) 210 if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
209 fatal("No authentication or GSSAPI context"); 211 fatal("No authentication or GSSAPI context");
210 212
211 gssctxt = authctxt->methoddata; 213 gssctxt = authctxt->methoddata;
212 if ((r = sshpkt_get_string(ssh, 214 if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
213 &recv_tok.value, &recv_tok.length)) != 0 ||
214 (r = sshpkt_get_end(ssh)) != 0) 215 (r = sshpkt_get_end(ssh)) != 0)
215 fatal("%s: %s", __func__, ssh_err(r)); 216 fatal("%s: %s", __func__, ssh_err(r));
217 recv_tok.value = p;
218 recv_tok.length = len;
216 219
217 /* Push the error token into GSSAPI to see what it says */ 220 /* Push the error token into GSSAPI to see what it says */
218 maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, 221 maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
@@ -240,7 +243,7 @@ static int
240input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) 243input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
241{ 244{
242 Authctxt *authctxt = ssh->authctxt; 245 Authctxt *authctxt = ssh->authctxt;
243 int authenticated; 246 int r, authenticated;
244 const char *displayname; 247 const char *displayname;
245 248
246 if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) 249 if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
@@ -278,16 +281,20 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
278 struct sshbuf *b; 281 struct sshbuf *b;
279 gss_buffer_desc mic, gssbuf; 282 gss_buffer_desc mic, gssbuf;
280 const char *displayname; 283 const char *displayname;
284 u_char *p;
285 size_t len;
281 286
282 if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) 287 if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
283 fatal("No authentication or GSSAPI context"); 288 fatal("No authentication or GSSAPI context");
284 289
285 gssctxt = authctxt->methoddata; 290 gssctxt = authctxt->methoddata;
286 291
287 if ((r = sshpkt_get_string(ssh, &mic.value, &mic.length)) != 0) 292 if ((r = sshpkt_get_string(ssh, &p, &len)) != 0)
288 fatal("%s: %s", __func__, ssh_err(r)); 293 fatal("%s: %s", __func__, ssh_err(r));
289 if ((b = sshbuf_new()) == NULL) 294 if ((b = sshbuf_new()) == NULL)
290 fatal("%s: sshbuf_new failed", __func__); 295 fatal("%s: sshbuf_new failed", __func__);
296 mic.value = p;
297 mic.length = len;
291 ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, 298 ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
292 "gssapi-with-mic"); 299 "gssapi-with-mic");
293 300
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-10 14:58:43 +0000