From c4ca1497658e0508e8595ad74978c07bc92a18e3 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Tue, 31 Jul 2018 03:10:27 +0000
Subject: upstream: delay bailout for invalid authenticating user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

... until after the packet containing the request has been fully parsed.
Reported by Dariusz Tytko and Michał Sajdak; ok deraadt

OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d

Origin: backport, http://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
Bug-Debian: https://bugs.debian.org/906236
Last-Update: 2018-08-17

Patch-Name: upstream-delay-bailout-for-invalid-authenticating-user.patch
---
 auth2-gss.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'auth2-gss.c')

diff --git a/auth2-gss.c b/auth2-gss.c
index fd411d3a7..88bc3ae7b 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -104,9 +104,6 @@ userauth_gssapi(struct ssh *ssh)
 	u_int len;
 	u_char *doid = NULL;
 
-	if (!authctxt->valid || authctxt->user == NULL)
-		return (0);
-
 	mechs = packet_get_int();
 	if (mechs == 0) {
 		debug("Mechanism negotiation is not supported");
@@ -137,6 +134,12 @@ userauth_gssapi(struct ssh *ssh)
 		return (0);
 	}
 
+	if (!authctxt->valid || authctxt->user == NULL) {
+		debug2("%s: disabled because of invalid user", __func__);
+		free(doid);
+		return (0);
+	}
+
 	if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
 		if (ctxt != NULL)
 			ssh_gssapi_delete_ctx(&ctxt);
-- 
cgit v1.2.3