From 90edc0cc1d2d56b40811b5e9be0fe39ca48e1367 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Fri, 31 Aug 2018 11:01:22 +0200 Subject: [PATCH] Properly allocate buffer for gsskex (#1624323) --- openssh-7.8p1-gsskex.patch | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/openssh-7.8p1-gsskex.patch b/openssh-7.8p1-gsskex.patch index dd10d4d..a41925e 100644 --- a/openssh-7.8p1-gsskex.patch +++ b/openssh-7.8p1-gsskex.patch @@ -28,7 +28,7 @@ diff -up openssh/auth2-gss.c.gsskex openssh/auth2-gss.c #include "xmalloc.h" #include "sshkey.h" -@@ -54,6 +55,41 @@ static int input_gssapi_mic(int type, u_ +@@ -54,6 +55,44 @@ static int input_gssapi_mic(int type, u_ static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh); static int input_gssapi_errtok(int, u_int32_t, struct ssh *); @@ -49,6 +49,9 @@ diff -up openssh/auth2-gss.c.gsskex openssh/auth2-gss.c + + packet_check_eom(); + ++ if ((b = sshbuf_new()) == NULL) ++ fatal("%s: sshbuf_new failed", __func__); ++ + ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, + "gssapi-keyex"); + @@ -2559,7 +2562,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c ok = 1; /* Mechanism works */ } else { mech++; -@@ -906,6 +1098,48 @@ input_gssapi_error(int type, u_int32_t p +@@ -906,6 +1098,51 @@ input_gssapi_error(int type, u_int32_t p free(lang); return r; } @@ -2581,6 +2584,9 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c + return (0); + } + ++ if ((b = sshbuf_new()) == NULL) ++ fatal("%s: sshbuf_new failed", __func__); ++ + ssh_gssapi_buildmic(b, authctxt->server_user, authctxt->service, + "gssapi-keyex"); +