1 files changed, 14 insertions, 2 deletions

diff --git a/auth-krb4.c b/auth-krb4.c
index 799cf261a..21a9625e3 100644
--- a/auth-krb4.c
+++ b/auth-krb4.c
@@ -28,7 +28,7 @@
 #include "ssh.h"
 #include "servconf.h"
 
-RCSID("$OpenBSD: auth-krb4.c,v 1.18 2000/09/07 20:27:49 deraadt Exp $");
+RCSID("$OpenBSD: auth-krb4.c,v 1.19 2000/10/03 18:03:02 markus Exp $");
 
 #ifdef KRB4
 char *ticket = NULL;
@@ -280,6 +280,8 @@ auth_kerberos_tgt(struct passwd *pw, const char *string)
 {
         CREDENTIALS creds;
 
+        if (pw == NULL)
+                goto auth_kerberos_tgt_failure;
         if (!radix_to_creds(string, &creds)) {
                 log("Protocol error decoding Kerberos V4 tgt");
                 packet_send_debug("Protocol error decoding Kerberos V4 tgt");
@@ -334,8 +336,16 @@ int
 auth_afs_token(struct passwd *pw, const char *token_string)
 {
         CREDENTIALS creds;
-        uid_t uid = pw->pw_uid;
+        uid_t uid;
 
+        if (pw == NULL) {
+                /* XXX fake protocol error */
+                packet_send_debug("Protocol error decoding AFS token");
+                packet_start(SSH_SMSG_FAILURE);
+                packet_send();
+                packet_write_wait();
+                return 0;
+        }
         if (!radix_to_creds(token_string, &creds)) {
                 log("Protocol error decoding AFS token");
                 packet_send_debug("Protocol error decoding AFS token");
@@ -349,6 +359,8 @@ auth_afs_token(struct passwd *pw, const char *token_string)
 
         if (strncmp(creds.pname, "AFS ID ", 7) == 0)
                 uid = atoi(creds.pname + 7);
+        else
+                uid = pw->pw_uid;
 
         if (kafs_settoken(creds.realm, uid, &creds)) {
                 log("AFS token (%s@%s) rejected for %s", creds.pname, creds.realm,