Unbreak gssapi rekeying (#1624344)

2018-08-31 13:26:27 +02:00 · 2018-08-31 13:26:27 +02:00 · dba154f20c
commit dba154f20c
parent 90edc0cc1d
1 changed files with 28 additions and 1 deletions
--- a/openssh-7.8p1-gsskex.patch
+++ b/openssh-7.8p1-gsskex.patch
@ -2467,7 +2467,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
 +	 * 'null' hostkey, as a last resort */
 +	if (options.gss_keyex && gss) {
 +		orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
-+		xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], 
+		xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
 +		    "%s,null", orig);
 +		free(gss);
 +	}
@ -2874,4 +2874,31 @@ diff -up openssh/sshkey.h.gsskex openssh/sshkey.h
 +	KEY_NULL,
 	KEY_UNSPEC
 };
+
+--- openssh/sshconnect2.c.orig  2017-01-04 19:47:10.000000000 +0100
+++ openssh/sshconnect2.c       2017-01-05 04:13:08.977425272 +0100
+@@ -344,7 +344,6 @@
+ 		orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
+ 		xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
+ 		    "%s,null", orig);
+-		free(gss);
+ 	}
+ #endif
+ 
+@@ -398,6 +397,16 @@
+ 	/* remove ext-info from the KEX proposals for rekeying */
+ 	myproposal[PROPOSAL_KEX_ALGS] =
+ 	    compat_kex_proposal(options.kex_algorithms);
+#ifdef GSSAPI
+	/* repair myproposal after it was crumpled by the */
+	/* ext-info removal above */
+	if (gss) {
+		orig = myproposal[PROPOSAL_KEX_ALGS];
+		xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
+		    "%s,%s", gss, orig);
+		free(gss);
+	}
+#endif
+ 	if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
+ 		fatal("kex_prop2buf: %s", ssh_err(r));