diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2018-07-10 09:13:31 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2018-07-10 09:13:31 +0000 |
| commit | 97c750c8ac7f11958ff9231a3edf8d3e7da953f5 (patch) | |
| tree | 88f98f09df8ff0f089300e826fc767c8b5bc4008 /usr.bin/ssh/monitor.c | |
| parent | 598ef1fe0ad7339c54d5ef66559d1ecbc8ff0956 (diff) | |
kerberos/gssapi fixes for buffer removal
Diffstat (limited to 'usr.bin/ssh/monitor.c')
| -rw-r--r-- | usr.bin/ssh/monitor.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 9f026c3c9fe..a2eb0499331 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.183 2018/07/09 21:53:45 markus Exp $ */ +/* $OpenBSD: monitor.c,v 1.184 2018/07/10 09:13:30 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -1454,13 +1454,15 @@ mm_answer_gss_setup_ctx(int sock, struct sshbuf *m) gss_OID_desc goid; OM_uint32 major; size_t len; + u_char *p; int r; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - if ((r = sshbuf_get_string(m, &goid.elements, &len)) != 0) + if ((r = sshbuf_get_string(m, &p, &len)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + goid.elements = p; goid.length = len; major = ssh_gssapi_server_ctx(&gsscontext, &goid); @@ -1491,7 +1493,7 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m) if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - if ((r = sshbuf_get_string(m, &in.value, &in.length)) != 0) + if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); free(in.value); @@ -1518,12 +1520,13 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m) { gss_buffer_desc gssbuf, mic; OM_uint32 ret; + int r; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - if ((r = sshbuf_get_string(m, &gssbuf.value, &gssbuf.length)) != 0 || - (r = sshbuf_get_string(m, &mic.value, &mic.length)) != 0) + if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || + (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); @@ -1546,7 +1549,7 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m) int mm_answer_gss_userok(int sock, struct sshbuf *m) { - int authenticated; + int r, authenticated; const char *displayname; if (!options.gss_authentication) |