- djm@cvs.openbsd.org 2014/02/26 20:28:44
[auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@
diff --git a/auth2-gss.c b/auth2-gss.c
index 638d8f8..c28a705 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.21 2014/02/26 20:28:44 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -62,7 +62,6 @@
gss_OID_desc goid = {0, NULL};
Gssctxt *ctxt = NULL;
int mechs;
- gss_OID_set supported;
int present;
OM_uint32 ms;
u_int len;
@@ -77,7 +76,6 @@
return (0);
}
- ssh_gssapi_supported_oids(&supported);
do {
mechs--;
@@ -90,15 +88,12 @@
doid[1] == len - 2) {
goid.elements = doid + 2;
goid.length = len - 2;
- gss_test_oid_set_member(&ms, &goid, supported,
- &present);
+ ssh_gssapi_test_oid_supported(&ms, &goid, &present);
} else {
logit("Badly formed OID received");
}
} while (mechs > 0 && !present);
- gss_release_oid_set(&ms, &supported);
-
if (!present) {
free(doid);
authctxt->server_caused_failure = 1;