File openssh-4.1p1-gssapi-secfix.patch of Package opensuse

--- gss-serv.c
+++ gss-serv.c
@@ -275,13 +275,24 @@
 int
 ssh_gssapi_userok(char *user)
 {
+	OM_uint32 lmin;
+	
 	if (gssapi_client.exportedname.length == 0 ||
 	    gssapi_client.exportedname.value == NULL) {
 		debug("No suitable client data");
 		return 0;
 	}
 	if (gssapi_client.mech && gssapi_client.mech->userok)
-		return ((*gssapi_client.mech->userok)(&gssapi_client, user));
+        if ((*gssapi_client.mech->userok)(&gssapi_client, user))
+            return 1;
+        else {
+            /* Destroy delegated credentials if userok fails */
+            gss_release_buffer(&lmin, &gssapi_client.displayname);
+            gss_release_buffer(&lmin, &gssapi_client.exportedname);
+            gss_release_cred(&lmin, &gssapi_client.creds);
+            memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
+            return 0;
+        }
 	else
 		debug("ssh_gssapi_userok: Unknown GSSAPI mechanism");
 	return (0);
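Review bot: The new failure handling hangs an unbraced `if`/`else` under the outer `if (gssapi_client.mech && gssapi_client.mech->userok)`, so the trailing `else debug(...)` binds to the outer test only because the inner `if` already carries its own `else`. The mixed tab and space indentation makes this easy to break in a later edit, so bracing both levels would make the binding explicit. It is also worth confirming whether the unknown-mechanism branch can be reached with delegated credentials still held in `gssapi_client.creds`, which the hunk does not show. If it can, routing that denial through the same release sequence, as sketched below, closes the gap. The function's closing brace lies outside the hunk.

```c
	/* … unchanged: lmin declaration and exportedname guard … */
	if (gssapi_client.mech && gssapi_client.mech->userok) {
		if ((*gssapi_client.mech->userok)(&gssapi_client, user))
			return 1;
	} else {
		debug("ssh_gssapi_userok: Unknown GSSAPI mechanism");
	}

	/* Denied: destroy delegated credentials and cached names */
	gss_release_buffer(&lmin, &gssapi_client.displayname);
	gss_release_buffer(&lmin, &gssapi_client.exportedname);
	gss_release_cred(&lmin, &gssapi_client.creds);
	memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
	return 0;
```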
--- sshconnect2.c
+++ sshconnect2.c
@@ -548,7 +548,8 @@
 	Authctxt *authctxt = ctxt;
 	Gssctxt *gssctxt = authctxt->methoddata;
 	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
-	gss_buffer_desc gssbuf, mic;
+	gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc gssbuf;
 	OM_uint32 status, ms, flags;
 	Buffer b;
 
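Review bot: `gssbuf` is still declared without an initializer even though `send_tok` and now `mic` both start as `GSS_C_EMPTY_BUFFER`. The code that uses these buffers is outside the hunk, so whether any path reads or releases `gssbuf` before it is assigned cannot be checked here. Initializing it the same way, `gss_buffer_desc gssbuf = GSS_C_EMPTY_BUFFER;`, would make the three declarations consistent and remove the question. A short comment on the `mic` line, such as `/* start empty so releasing mic is safe when no MIC was produced */`, would record why the initializer matters, assuming that is the reason for the fix. The enclosing function begins and ends outside the hunk.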