diff options
author | Damien Miller <djm@mindrot.org> | 2005-08-31 19:46:26 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2005-08-31 19:46:26 +1000 |
commit | da9984fc3aafc194485556ae2c7dc6c52cbd56c2 (patch) | |
tree | f34f637005409c5d30b393dffe519bf7216d7f6f /sshconnect2.c | |
parent | ca9ce95bdda599dbfa566385e66732327f27dd30 (diff) |
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/08/30 22:08:05
[gss-serv.c sshconnect2.c]
destroy credentials if krb5_kuserok() call fails. Stops credentials being
delegated to users who are not authorised for GSSAPIAuthentication when
GSSAPIDeletegateCredentials=yes and another authentication mechanism
succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index baee664e..ee7932d6 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.141 2005/07/25 11:59:40 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.142 2005/08/30 22:08:05 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -545,7 +545,8 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) Authctxt *authctxt = ctxt; Gssctxt *gssctxt = authctxt->methoddata; gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; - gss_buffer_desc gssbuf, mic; + gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; + gss_buffer_desc gssbuf; OM_uint32 status, ms, flags; Buffer b; |