diff options
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 40 |
1 files changed, 16 insertions, 24 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 6e61a353d..f991f81d8 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.128 2003/10/26 16:57:43 avsm Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.129 2003/11/02 11:01:03 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include "openbsd-compat/sys-queue.h" | 28 | #include "openbsd-compat/sys-queue.h" |
| 29 | 29 | ||
| @@ -519,17 +519,11 @@ userauth_gssapi(Authctxt *authctxt) | |||
| 519 | 519 | ||
| 520 | packet_put_int(1); | 520 | packet_put_int(1); |
| 521 | 521 | ||
| 522 | /* Some servers encode the OID incorrectly (as we used to) */ | 522 | packet_put_int((gss_supported->elements[mech].length) + 2); |
| 523 | if (datafellows & SSH_BUG_GSSAPI_BER) { | 523 | packet_put_char(SSH_GSS_OIDTYPE); |
| 524 | packet_put_string(gss_supported->elements[mech].elements, | 524 | packet_put_char(gss_supported->elements[mech].length); |
| 525 | gss_supported->elements[mech].length); | 525 | packet_put_raw(gss_supported->elements[mech].elements, |
| 526 | } else { | 526 | gss_supported->elements[mech].length); |
| 527 | packet_put_int((gss_supported->elements[mech].length)+2); | ||
| 528 | packet_put_char(SSH_GSS_OIDTYPE); | ||
| 529 | packet_put_char(gss_supported->elements[mech].length); | ||
| 530 | packet_put_raw(gss_supported->elements[mech].elements, | ||
| 531 | gss_supported->elements[mech].length); | ||
| 532 | } | ||
| 533 | 527 | ||
| 534 | packet_send(); | 528 | packet_send(); |
| 535 | 529 | ||
| @@ -560,20 +554,18 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
| 560 | /* Setup our OID */ | 554 | /* Setup our OID */ |
| 561 | oidv = packet_get_string(&oidlen); | 555 | oidv = packet_get_string(&oidlen); |
| 562 | 556 | ||
| 563 | if (datafellows & SSH_BUG_GSSAPI_BER) { | 557 | if (oidlen <= 2 || |
| 564 | if (!ssh_gssapi_check_oid(gssctxt, oidv, oidlen)) | 558 | oidv[0] != SSH_GSS_OIDTYPE || |
| 565 | fatal("Server returned different OID than expected"); | 559 | oidv[1] != oidlen - 2) { |
| 566 | } else { | 560 | debug("Badly encoded mechanism OID received"); |
| 567 | if(oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen-2) { | 561 | userauth(authctxt, NULL); |
| 568 | debug("Badly encoded mechanism OID received"); | 562 | xfree(oidv); |
| 569 | userauth(authctxt, NULL); | 563 | return; |
| 570 | xfree(oidv); | ||
| 571 | return; | ||
| 572 | } | ||
| 573 | if (!ssh_gssapi_check_oid(gssctxt, oidv+2, oidlen-2)) | ||
| 574 | fatal("Server returned different OID than expected"); | ||
| 575 | } | 564 | } |
| 576 | 565 | ||
| 566 | if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2)) | ||
| 567 | fatal("Server returned different OID than expected"); | ||
| 568 | |||
| 577 | packet_check_eom(); | 569 | packet_check_eom(); |
| 578 | 570 | ||
| 579 | xfree(oidv); | 571 | xfree(oidv); |