author | djm@openbsd.org <djm@openbsd.org> | 2018-07-10 09:13:30 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-10 19:15:35 +1000 |
commit | 0f3958c1e6ffb8ea4ba27e2a97a00326fce23246 (patch) | |
tree | f2538c652ca620a254578a088ff0f5eb2e36d9dd /monitor.c | |
parent | c74ae8e7c45f325f3387abd48fa7dfef07a08069 (diff) |
upstream: kerberos/gssapi fixes for buffer removal
OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 15 |
1 files changed, 9 insertions, 6 deletions
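--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.183 2018/07/09 21:53:45 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.184 2018/07/10 09:13:30 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1795,13 +1795,15 @@ mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)
 gss_OID_desc goid;
 OM_uint32 major;
 size_t len;
+u_char *p;
 int r;
 
 if (!options.gss_authentication)
 fatal("%s: GSSAPI authentication not enabled", __func__);
 
-if ((r = sshbuf_get_string(m, &goid.elements, &len)) != 0)
+if ((r = sshbuf_get_string(m, &p, &len)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
+goid.elements = p;
 goid.length = len;
 
 major = ssh_gssapi_server_ctx(&gsscontext, &goid);
@@ -1832,7 +1834,7 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
 if (!options.gss_authentication)
 fatal("%s: GSSAPI authentication not enabled", __func__);
 
-if ((r = sshbuf_get_string(m, &in.value, &in.length)) != 0)
+if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
 free(in.value);
@@ -1859,12 +1861,13 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m)
 {
 gss_buffer_desc gssbuf, mic;
 OM_uint32 ret;
+int r;
 
 if (!options.gss_authentication)
 fatal("%s: GSSAPI authentication not enabled", __func__);
 
-if ((r = sshbuf_get_string(m, &gssbuf.value, &gssbuf.length)) != 0 ||
-(r = sshbuf_get_string(m, &mic.value, &mic.length)) != 0)
+if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
+(r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
@@ -1887,7 +1890,7 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m)
 int
 mm_answer_gss_userok(int sock, struct sshbuf *m)
 {
-int authenticated;
+int r, authenticated;
 const char *displayname;
 
 if (!options.gss_authentication)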
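Review bot: In mm_answer_gss_setup_ctx, `goid.length = len;` narrows a size_t into the OM_uint32 length field of gss_OID_desc with no visible bound, and this code runs in the privileged monitor on a message supplied by the unprivileged child. The value is presumably capped by sshbuf's own maximum string size, so truncation should not be reachable, but nothing in the hunk says so. I would add a comment above the assignment, `/* len is bounded by the sshbuf string limit, so it fits OM_uint32 */`, or make the bound explicit with `if (len > UINT32_MAX) fatal("%s: OID too long", __func__);`. The same spot would benefit from a one-line comment explaining that `p` exists because sshbuf_get_string() takes a `u_char **` while `goid.elements` is a `void *`. The function starts before and continues after this hunk, so the release of `goid.elements` is not visible here.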