Unbreak gssapi rekeying (#1624344)
This commit is contained in:
parent
90edc0cc1d
commit
dba154f20c
@ -2467,7 +2467,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
|
||||
+ * 'null' hostkey, as a last resort */
|
||||
+ if (options.gss_keyex && gss) {
|
||||
+ orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
|
||||
+ xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
||||
+ xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
||||
+ "%s,null", orig);
|
||||
+ free(gss);
|
||||
+ }
|
||||
@ -2874,4 +2874,31 @@ diff -up openssh/sshkey.h.gsskex openssh/sshkey.h
|
||||
+ KEY_NULL,
|
||||
KEY_UNSPEC
|
||||
};
|
||||
|
||||
--- openssh/sshconnect2.c.orig 2017-01-04 19:47:10.000000000 +0100
|
||||
+++ openssh/sshconnect2.c 2017-01-05 04:13:08.977425272 +0100
|
||||
@@ -344,7 +344,6 @@
|
||||
orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
|
||||
xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
||||
"%s,null", orig);
|
||||
- free(gss);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -398,6 +397,16 @@
|
||||
/* remove ext-info from the KEX proposals for rekeying */
|
||||
myproposal[PROPOSAL_KEX_ALGS] =
|
||||
compat_kex_proposal(options.kex_algorithms);
|
||||
+#ifdef GSSAPI
|
||||
+ /* repair myproposal after it was crumpled by the */
|
||||
+ /* ext-info removal above */
|
||||
+ if (gss) {
|
||||
+ orig = myproposal[PROPOSAL_KEX_ALGS];
|
||||
+ xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
|
||||
+ "%s,%s", gss, orig);
|
||||
+ free(gss);
|
||||
+ }
|
||||
+#endif
|
||||
if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
|
||||
fatal("kex_prop2buf: %s", ssh_err(r));
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user