- (djm) OpenBSD CVS Sync

- djm@cvs.openbsd.org 2005/08/30 22:08:05 [gss-serv.c sshconnect2.c] destroy credentials if krb5_kuserok() call fails. Stops credentials being delegated to users who are not authorised for GSSAPIAuthentication when GSSAPIDeletegateCredentials=yes and another authentication mechanism succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
author: Damien Miller <djm@mindrot.org> 2005-08-31 19:46:26 +1000
committer: Damien Miller <djm@mindrot.org> 2005-08-31 19:46:26 +1000
commit: da9984fc3aafc194485556ae2c7dc6c52cbd56c2 (patch)
tree: f34f637005409c5d30b393dffe519bf7216d7f6f /sshconnect2.c
parent: ca9ce95bdda599dbfa566385e66732327f27dd30 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index baee664e..ee7932d6 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.141 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.142 2005/08/30 22:08:05 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -545,7 +545,8 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
 	Authctxt *authctxt = ctxt;
 	Gssctxt *gssctxt = authctxt->methoddata;
 	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
-	gss_buffer_desc gssbuf, mic;
+	gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc gssbuf;
 	OM_uint32 status, ms, flags;
 	Buffer b;
author	Damien Miller <djm@mindrot.org>	2005-08-31 19:46:26 +1000
committer	Damien Miller <djm@mindrot.org>	2005-08-31 19:46:26 +1000
commit	da9984fc3aafc194485556ae2c7dc6c52cbd56c2 (patch)
tree	f34f637005409c5d30b393dffe519bf7216d7f6f /sshconnect2.c
parent	ca9ce95bdda599dbfa566385e66732327f27dd30 (diff)