destroy credentials if krb5_kuserok() call fails. Stops credentials being

delegated to users who are not authorised for GSSAPIAuthentication when GSSAPIDeletegateCredentials=yes and another authentication mechanism succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
author: djm <djm@openbsd.org> 2005-08-30 22:08:05 +0000
committer: djm <djm@openbsd.org> 2005-08-30 22:08:05 +0000
commit: fd10e266c31aebeee90dc79e7c7e55d5083693ef (patch)
tree: cf666c7700e946588d1fde5bc34ab744a83eef6e /usr.bin/ssh/sshconnect2.c
parent: remove -W from synopsis; ok deraadt@ jmc@ (diff)
download: wireguard-openbsd-fd10e266c31aebeee90dc79e7c7e55d5083693ef.tar.xz
wireguard-openbsd-fd10e266c31aebeee90dc79e7c7e55d5083693ef.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 331e7096459..79c61c34f1e 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.141 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.142 2005/08/30 22:08:05 djm Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -543,7 +543,8 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
 	Authctxt *authctxt = ctxt;
 	Gssctxt *gssctxt = authctxt->methoddata;
 	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
-	gss_buffer_desc gssbuf, mic;
+	gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc gssbuf;
 	OM_uint32 status, ms, flags;
 	Buffer b;
author	djm <djm@openbsd.org>	2005-08-30 22:08:05 +0000
committer	djm <djm@openbsd.org>	2005-08-30 22:08:05 +0000
commit	fd10e266c31aebeee90dc79e7c7e55d5083693ef (patch)
tree	cf666c7700e946588d1fde5bc34ab744a83eef6e /usr.bin/ssh/sshconnect2.c
parent	remove -W from synopsis; ok deraadt@ jmc@ (diff)
download	wireguard-openbsd-fd10e266c31aebeee90dc79e7c7e55d5083693ef.tar.xz wireguard-openbsd-fd10e266c31aebeee90dc79e7c7e55d5083693ef.zip