Unbreak gssapi rekeying (#1624344)

Jakub Jelen 2018-08-31 13:26:27 +02:00
parent 90edc0cc1d
commit dba154f20c


@ -2467,7 +2467,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
+ * 'null' hostkey, as a last resort */
+ if (options.gss_keyex && gss) {
+ orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
+ xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
+ xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
+ "%s,null", orig);
+ free(gss);
+ }
@ -2874,4 +2874,31 @@ diff -up openssh/sshkey.h.gsskex openssh/sshkey.h
+ KEY_NULL,
KEY_UNSPEC
};
--- openssh/sshconnect2.c.orig 2017-01-04 19:47:10.000000000 +0100
+++ openssh/sshconnect2.c 2017-01-05 04:13:08.977425272 +0100
@@ -344,7 +344,6 @@
orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
"%s,null", orig);
- free(gss);
}
#endif
@@ -398,6 +397,16 @@
/* remove ext-info from the KEX proposals for rekeying */
myproposal[PROPOSAL_KEX_ALGS] =
compat_kex_proposal(options.kex_algorithms);
+#ifdef GSSAPI
+ /* repair myproposal after it was crumpled by the */
+ /* ext-info removal above */
+ if (gss) {
+ orig = myproposal[PROPOSAL_KEX_ALGS];
+ xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
+ "%s,%s", gss, orig);
+ free(gss);
+ }
+#endif
if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
fatal("kex_prop2buf: %s", ssh_err(r));
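Review bot: With `free(gss)` removed from the host-key block, `gss` now stays allocated until the new `#ifdef GSSAPI` block before `kex_prop2buf`, and that block leaves the pointer dangling after freeing it. Writing `free(gss); gss = NULL;` at this single release site would turn any later use or second free into a NULL case rather than a use-after-free or double free. The function begins and ends outside the hunk, so whether such a use exists cannot be seen here. The new block also tests only `if (gss)` where the earlier one tests `options.gss_keyex && gss`, which holds only if `gss` starts as NULL and is set solely under `gss_keyex`; a comment such as `/* gss is non-NULL only when GSSAPI kex was offered; it is released here */` would record that. The string saved in `orig` is not released after `xasprintf`; if `compat_kex_proposal` can return allocated memory this leaks, which should be checked against its definition.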