Diffstat (limited to 'gss-serv.c')
-rw-r--r-- | gss-serv.c | 24 |
1 files changed, 22 insertions, 2 deletions
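--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.26 2014/02/26 20:28:44 djm Exp $ */
 
 /*
 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -66,6 +66,25 @@ ssh_gssapi_mech* supported_mechs[]= {
 &gssapi_null_mech,
 };
 
+/*
+* ssh_gssapi_supported_oids() can cause sandbox violations, so prepare the
+* list of supported mechanisms before privsep is set up.
+*/
+static gss_OID_set supported_oids;
+
+void
+ssh_gssapi_prepare_supported_oids(void)
+{
+ssh_gssapi_supported_oids(&supported_oids);
+}
+
+OM_uint32
+ssh_gssapi_test_oid_supported(OM_uint32 *ms, gss_OID member, int *present)
+{
+if (supported_oids == NULL)
+ssh_gssapi_prepare_supported_oids();
+return gss_test_oid_set_member(ms, member, supported_oids, present);
+}
 
 /*
 * Acquire credentials for a server running on the current host.
@@ -346,7 +365,8 @@ ssh_gssapi_userok(char *user)
 gss_release_buffer(&lmin, &gssapi_client.displayname);
 gss_release_buffer(&lmin, &gssapi_client.exportedname);
 gss_release_cred(&lmin, &gssapi_client.creds);
-memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
+explicit_bzero(&gssapi_client,
+sizeof(ssh_gssapi_client));
 return 0;
 }
 else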
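Review bot: The lazy fallback in ssh_gssapi_test_oid_supported() (new lines 84-85) calls ssh_gssapi_prepare_supported_oids() in whatever context the caller happens to be in, so if the pre-privsep call is ever missed the mechanism enumeration runs inside the sandbox, which is exactly the case the comment above `supported_oids` says can cause a sandbox violation. Nothing visible here checks that the enumeration actually produced a set, so `supported_oids` may still be GSS_C_NO_OID_SET when it is handed to gss_test_oid_set_member(); how that call treats a null set is presumably implementation-dependent. I would fail closed after the fallback, `if (supported_oids == GSS_C_NO_OID_SET) { *present = 0; return GSS_S_FAILURE; }`, and extend the block comment with `Must be called before the sandbox is entered; the fallback in ssh_gssapi_test_oid_supported() is a last resort only.` The caller that is meant to invoke the prepare function is not part of this view, which is limited to gss-serv.c.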