summaryrefslogtreecommitdiff
path: root/monitor.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-07-10 09:13:30 +0000
committerDamien Miller <djm@mindrot.org>2018-07-10 19:15:35 +1000
commit0f3958c1e6ffb8ea4ba27e2a97a00326fce23246 (patch)
treef2538c652ca620a254578a088ff0f5eb2e36d9dd /monitor.c
parentc74ae8e7c45f325f3387abd48fa7dfef07a08069 (diff)
upstream: kerberos/gssapi fixes for buffer removal
OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/monitor.c b/monitor.c
index bf83f3b56..de650da2f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.183 2018/07/09 21:53:45 markus Exp $ */ 1/* $OpenBSD: monitor.c,v 1.184 2018/07/10 09:13:30 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1795,13 +1795,15 @@ mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)
1795 gss_OID_desc goid; 1795 gss_OID_desc goid;
1796 OM_uint32 major; 1796 OM_uint32 major;
1797 size_t len; 1797 size_t len;
1798 u_char *p;
1798 int r; 1799 int r;
1799 1800
1800 if (!options.gss_authentication) 1801 if (!options.gss_authentication)
1801 fatal("%s: GSSAPI authentication not enabled", __func__); 1802 fatal("%s: GSSAPI authentication not enabled", __func__);
1802 1803
1803 if ((r = sshbuf_get_string(m, &goid.elements, &len)) != 0) 1804 if ((r = sshbuf_get_string(m, &p, &len)) != 0)
1804 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1805 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1806 goid.elements = p;
1805 goid.length = len; 1807 goid.length = len;
1806 1808
1807 major = ssh_gssapi_server_ctx(&gsscontext, &goid); 1809 major = ssh_gssapi_server_ctx(&gsscontext, &goid);
@@ -1832,7 +1834,7 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
1832 if (!options.gss_authentication) 1834 if (!options.gss_authentication)
1833 fatal("%s: GSSAPI authentication not enabled", __func__); 1835 fatal("%s: GSSAPI authentication not enabled", __func__);
1834 1836
1835 if ((r = sshbuf_get_string(m, &in.value, &in.length)) != 0) 1837 if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
1836 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1838 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1837 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); 1839 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
1838 free(in.value); 1840 free(in.value);
@@ -1859,12 +1861,13 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m)
1859{ 1861{
1860 gss_buffer_desc gssbuf, mic; 1862 gss_buffer_desc gssbuf, mic;
1861 OM_uint32 ret; 1863 OM_uint32 ret;
1864 int r;
1862 1865
1863 if (!options.gss_authentication) 1866 if (!options.gss_authentication)
1864 fatal("%s: GSSAPI authentication not enabled", __func__); 1867 fatal("%s: GSSAPI authentication not enabled", __func__);
1865 1868
1866 if ((r = sshbuf_get_string(m, &gssbuf.value, &gssbuf.length)) != 0 || 1869 if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
1867 (r = sshbuf_get_string(m, &mic.value, &mic.length)) != 0) 1870 (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
1868 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1871 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1869 1872
1870 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); 1873 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
@@ -1887,7 +1890,7 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m)
1887int 1890int
1888mm_answer_gss_userok(int sock, struct sshbuf *m) 1891mm_answer_gss_userok(int sock, struct sshbuf *m)
1889{ 1892{
1890 int authenticated; 1893 int r, authenticated;
1891 const char *displayname; 1894 const char *displayname;
1892 1895
1893 if (!options.gss_authentication) 1896 if (!options.gss_authentication)
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 10:05:13 +0000