author | djm@openbsd.org <djm@openbsd.org> | 2018-07-31 03:10:27 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2018-08-17 12:29:54 +0100 |
commit | c4ca1497658e0508e8595ad74978c07bc92a18e3 (patch) | |
tree | 5fa70ab6ec0dab7dbda6f686afa8e3321f0114df /auth2-gss.c | |
parent | 60256f28189c3d0650a78e737eb0ca4753478a4b (diff) |
upstream: delay bailout for invalid authenticating user
... until after the packet containing the request has been fully parsed.
Reported by Dariusz Tytko and Michał Sajdak; ok deraadt
OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
Origin: backport, http://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
Bug-Debian: https://bugs.debian.org/906236
Last-Update: 2018-08-17
Patch-Name: upstream-delay-bailout-for-invalid-authenticating-user.patch
Diffstat (limited to 'auth2-gss.c')
-rw-r--r-- | auth2-gss.c | 9 |
1 files changed, 6 insertions, 3 deletions
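--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -104,9 +104,6 @@ userauth_gssapi(struct ssh *ssh)
 u_int len;
 u_char *doid = NULL;
 
-if (!authctxt->valid || authctxt->user == NULL)
-return (0);
-
 mechs = packet_get_int();
 if (mechs == 0) {
 debug("Mechanism negotiation is not supported");
@@ -137,6 +134,12 @@ userauth_gssapi(struct ssh *ssh)
 return (0);
 }
 
+if (!authctxt->valid || authctxt->user == NULL) {
+debug2("%s: disabled because of invalid user", __func__);
+free(doid);
+return (0);
+}
+
 if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
 if (ctxt != NULL)
 ssh_gssapi_delete_ctx(&ctxt);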
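Review bot: The relocated `!authctxt->valid || authctxt->user == NULL` check at new lines 137-141 carries no comment explaining why it sits after the mechanism/OID parsing instead of at the top of userauth_gssapi, yet that ordering is the entire fix. Without it, a later cleanup could hoist the check back up as an apparent early-exit optimisation and reintroduce the behaviour difference between valid and invalid user names on malformed requests. I would add above the `if`: `/* Must stay after the request has been parsed: bailing out earlier lets a malformed packet fail differently for valid and invalid users. */`. The `free(doid)` on this path matches the earlier failure return, which is good. The function starts before and continues past the visible hunks, so confirm no other return between the parse and this check depends on the user's validity.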