diff options
| author | Damien Miller <djm@mindrot.org> | 2014-02-27 00:17:49 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-02-27 00:17:49 +0100 |
| commit | e6a74aeeacd01d885262ff8e50eb28faee8c8039 (patch) | |
| tree | 5e3bb4872b341d7364268634c7cfeb64658cb50e /auth2-gss.c | |
| parent | - djm@cvs.openbsd.org 2014/02/26 20:18:37 (diff) | |
| download | openssh-e6a74aeeacd01d885262ff8e50eb28faee8c8039.tar.xz openssh-e6a74aeeacd01d885262ff8e50eb28faee8c8039.zip | |
- djm@cvs.openbsd.org 2014/02/26 20:28:44
[auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@
Diffstat (limited to 'auth2-gss.c')
| -rw-r--r-- | auth2-gss.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/auth2-gss.c b/auth2-gss.c index 638d8f88e..c28a705cb 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.21 2014/02/26 20:28:44 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -62,7 +62,6 @@ userauth_gssapi(Authctxt *authctxt) gss_OID_desc goid = {0, NULL}; Gssctxt *ctxt = NULL; int mechs; - gss_OID_set supported; int present; OM_uint32 ms; u_int len; @@ -77,7 +76,6 @@ userauth_gssapi(Authctxt *authctxt) return (0); } - ssh_gssapi_supported_oids(&supported); do { mechs--; @@ -90,15 +88,12 @@ userauth_gssapi(Authctxt *authctxt) doid[1] == len - 2) { goid.elements = doid + 2; goid.length = len - 2; - gss_test_oid_set_member(&ms, &goid, supported, - &present); + ssh_gssapi_test_oid_supported(&ms, &goid, &present); } else { logit("Badly formed OID received"); } } while (mechs > 0 && !present); - gss_release_oid_set(&ms, &supported); - if (!present) { free(doid); authctxt->server_caused_failure = 1; |