Properly allocate buffer for gsskex (#1624323)

openssh-7.8p1-gsskex.patch

@@ -28,7 +28,7 @@ diff -up openssh/auth2-gss.c.gsskex openssh/auth2-gss.c
  
  #include "xmalloc.h"
  #include "sshkey.h"
-@@ -54,6 +55,41 @@ static int input_gssapi_mic(int type, u_
+@@ -54,6 +55,44 @@ static int input_gssapi_mic(int type, u_
  static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh);
  static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
  
@@ -49,6 +49,9 @@ diff -up openssh/auth2-gss.c.gsskex openssh/auth2-gss.c
 +
 +	packet_check_eom();
 +
++	if ((b = sshbuf_new()) == NULL)
++		fatal("%s: sshbuf_new failed", __func__);
++
 +	ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
 +	    "gssapi-keyex");
 +
@@ -2559,7 +2562,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
  			ok = 1; /* Mechanism works */
  		} else {
  			mech++;
-@@ -906,6 +1098,48 @@ input_gssapi_error(int type, u_int32_t p
+@@ -906,6 +1098,51 @@ input_gssapi_error(int type, u_int32_t p
  	free(lang);
  	return r;
  }
@@ -2581,6 +2584,9 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
 +		return (0);
 +	}
 +
++	if ((b = sshbuf_new()) == NULL)
++		fatal("%s: sshbuf_new failed", __func__);
++
 +	ssh_gssapi_buildmic(b, authctxt->server_user, authctxt->service,
 +	    "gssapi-keyex");
 +