summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/auth2-gss.c22
-rw-r--r--usr.bin/ssh/compat.c8
-rw-r--r--usr.bin/ssh/compat.h3
-rw-r--r--usr.bin/ssh/sshconnect2.c40
4 files changed, 30 insertions, 43 deletions
diff --git a/usr.bin/ssh/auth2-gss.c b/usr.bin/ssh/auth2-gss.c
index a82b87f5111..84fb384f954 100644
--- a/usr.bin/ssh/auth2-gss.c
+++ b/usr.bin/ssh/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.4 2003/10/21 09:50:06 markus Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.5 2003/11/02 11:01:03 markus Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -78,19 +78,19 @@ userauth_gssapi(Authctxt *authctxt)
if (doid)
xfree(doid);
+ present = 0;
doid = packet_get_string(&len);
- if (len <= 2)
- packet_disconnect("Short OID received");
- if (doid[0] != SSH_GSS_OIDTYPE || doid[1] != len-2) {
- logit("Mechanism OID received using the old encoding form");
- oid.elements = doid;
- oid.length = len;
+ if (len > 2 &&
+ doid[0] == SSH_GSS_OIDTYPE &&
+ doid[1] == len - 2) {
+ oid.elements = doid + 2;
+ oid.length = len - 2;
+ gss_test_oid_set_member(&ms, &oid, supported,
+ &present);
} else {
- oid.elements = doid + 2;
- oid.length = len - 2;
+ logit("Badly formed OID received");
}
- gss_test_oid_set_member(&ms, &oid, supported, &present);
} while (mechs > 0 && !present);
gss_release_oid_set(&ms, &supported);
@@ -109,7 +109,7 @@ userauth_gssapi(Authctxt *authctxt)
packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
- /* Return OID in same format as we received it*/
+ /* Return the OID that we received */
packet_put_string(doid, len);
packet_send();
diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c
index af1d14321cd..2fdebe7fa21 100644
--- a/usr.bin/ssh/compat.c
+++ b/usr.bin/ssh/compat.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.69 2003/08/29 10:03:15 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.70 2003/11/02 11:01:03 markus Exp $");
#include "buffer.h"
#include "packet.h"
@@ -79,11 +79,7 @@ compat_datafellows(const char *version)
{ "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
{ "OpenSSH_2.*,"
"OpenSSH_3.0*,"
- "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_BUG_GSSAPI_BER},
- { "OpenSSH_3.2*,"
- "OpenSSH_3.3*,"
- "OpenSSH_3.4*,"
- "OpenSSH_3.5*", SSH_BUG_GSSAPI_BER},
+ "OpenSSH_3.1*", SSH_BUG_EXTEOF},
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
{ "OpenSSH*", 0 },
{ "*MindTerm*", 0 },
diff --git a/usr.bin/ssh/compat.h b/usr.bin/ssh/compat.h
index 7a500445576..efa0f081ef9 100644
--- a/usr.bin/ssh/compat.h
+++ b/usr.bin/ssh/compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.36 2003/08/29 10:03:15 markus Exp $ */
+/* $OpenBSD: compat.h,v 1.37 2003/11/02 11:01:03 markus Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@@ -55,7 +55,6 @@
#define SSH_BUG_EXTEOF 0x00200000
#define SSH_BUG_PROBE 0x00400000
#define SSH_BUG_FIRSTKEX 0x00800000
-#define SSH_BUG_GSSAPI_BER 0x01000000
void enable_compat13(void);
void enable_compat20(void);
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index e5e7726de65..c9bb49bb92d 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.128 2003/10/26 16:57:43 avsm Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.129 2003/11/02 11:01:03 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
@@ -517,17 +517,11 @@ userauth_gssapi(Authctxt *authctxt)
packet_put_int(1);
- /* Some servers encode the OID incorrectly (as we used to) */
- if (datafellows & SSH_BUG_GSSAPI_BER) {
- packet_put_string(gss_supported->elements[mech].elements,
- gss_supported->elements[mech].length);
- } else {
- packet_put_int((gss_supported->elements[mech].length)+2);
- packet_put_char(SSH_GSS_OIDTYPE);
- packet_put_char(gss_supported->elements[mech].length);
- packet_put_raw(gss_supported->elements[mech].elements,
- gss_supported->elements[mech].length);
- }
+ packet_put_int((gss_supported->elements[mech].length) + 2);
+ packet_put_char(SSH_GSS_OIDTYPE);
+ packet_put_char(gss_supported->elements[mech].length);
+ packet_put_raw(gss_supported->elements[mech].elements,
+ gss_supported->elements[mech].length);
packet_send();
@@ -558,20 +552,18 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
/* Setup our OID */
oidv = packet_get_string(&oidlen);
- if (datafellows & SSH_BUG_GSSAPI_BER) {
- if (!ssh_gssapi_check_oid(gssctxt, oidv, oidlen))
- fatal("Server returned different OID than expected");
- } else {
- if(oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen-2) {
- debug("Badly encoded mechanism OID received");
- userauth(authctxt, NULL);
- xfree(oidv);
- return;
- }
- if (!ssh_gssapi_check_oid(gssctxt, oidv+2, oidlen-2))
- fatal("Server returned different OID than expected");
+ if (oidlen <= 2 ||
+ oidv[0] != SSH_GSS_OIDTYPE ||
+ oidv[1] != oidlen - 2) {
+ debug("Badly encoded mechanism OID received");
+ userauth(authctxt, NULL);
+ xfree(oidv);
+ return;
}
+ if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
+ fatal("Server returned different OID than expected");
+
packet_check_eom();
xfree(oidv);