- markus@cvs.openbsd.org 2003/10/21 09:50:06

     [auth2-gss.c]
     make sure the doid is larger than 2

2 files changed, 7 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index e5db31fc..5352c90d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,9 @@
    - markus@cvs.openbsd.org 2003/10/15 09:48:45
      [monitor_wrap.c]
      check pmonitor != NULL
+   - markus@cvs.openbsd.org 2003/10/21 09:50:06
+     [auth2-gss.c]
+     make sure the doid is larger than 2
 
 20031021
  - (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords
@@ -1380,4 +1383,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3087 2003/11/03 09:03:25 dtucker Exp $
+$Id: ChangeLog,v 1.3088 2003/11/03 09:05:03 dtucker Exp $
diff --git a/auth2-gss.c b/auth2-gss.c
index 75b94b00..a82b87f5 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: auth2-gss.c,v 1.3 2003/09/01 20:44:54 markus Exp $	*/
+/*	$OpenBSD: auth2-gss.c,v 1.4 2003/10/21 09:50:06 markus Exp $	*/
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -79,6 +79,8 @@ userauth_gssapi(Authctxt *authctxt)
 			xfree(doid);
 
 		doid = packet_get_string(&len);
+		if (len <= 2)
+			packet_disconnect("Short OID received");
 
 		if (doid[0] != SSH_GSS_OIDTYPE || doid[1] != len-2) {
 			logit("Mechanism OID received using the old encoding form");