
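--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -62,7 +62,6 @@ userauth_gssapi(Authctxt *authctxt)
 	gss_OID_desc goid = {0, NULL};
 	Gssctxt *ctxt = NULL;
 	int mechs;
-	gss_OID_set supported;
 	int present;
 	OM_uint32 ms;
 	u_int len;
@@ -77,7 +76,6 @@ userauth_gssapi(Authctxt *authctxt)
 		return (0);
 	}
 
-	ssh_gssapi_supported_oids(&supported);
 	do {
 		mechs--;
 
@@ -90,14 +88,11 @@ userauth_gssapi(Authctxt *authctxt)
 		    doid[1] == len - 2) {
 			goid.elements = doid + 2;
 			goid.length   = len - 2;
-			gss_test_oid_set_member(&ms, &goid, supported,
-			    &present);
+			ssh_gssapi_test_oid_supported(&ms, &goid, &present);
 		} else {
 			logit("Badly formed OID received");
 		}
 	} while (mechs > 0 && !present);
-
-	gss_release_oid_set(&ms, &supported);
 
 	if (!present) {
 		free(doid);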
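Review bot: The return value of the new `ssh_gssapi_test_oid_supported(&ms, &goid, &present);` call in the third hunk is discarded, so a failed membership test leaves `present` untouched and the loop condition `} while (mechs > 0 && !present);` then reads whatever the variable held before — `int present;` in the first hunk is never initialised. The old code also ignored the status, but it tested against a set built immediately beforehand, whereas the new helper consults a process-wide cache that may be absent if preparation failed earlier, so the failure path is now more plausible. Initialising `int present = 0;` in the first hunk, or checking the returned `OM_uint32` before trusting `present`, would close this. The do/while body starts in the second hunk and userauth_gssapi continues past the end of the third.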
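--- a/gss-serv.c
+++ b/gss-serv.c
@@ -66,6 +66,25 @@ ssh_gssapi_mech* supported_mechs[]= {
 	&gssapi_null_mech,
 };
 
+/*
+ * ssh_gssapi_supported_oids() can cause sandbox violations, so prepare the
+ * list of supported mechanisms before privsep is set up.
+ */
+static gss_OID_set supported_oids;
+
+void
+ssh_gssapi_prepare_supported_oids(void)
+{
+	ssh_gssapi_supported_oids(&supported_oids);
+}
+
+OM_uint32
+ssh_gssapi_test_oid_supported(OM_uint32 *ms, gss_OID member, int *present)
+{
+	if (supported_oids == NULL)
+		ssh_gssapi_prepare_supported_oids();
+	return gss_test_oid_set_member(ms, member, supported_oids, present);
+}
 
 /*
  * Acquire credentials for a server running on the current host.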
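Review bot: `ssh_gssapi_prepare_supported_oids()` is not idempotent and nothing verifies that `ssh_gssapi_supported_oids(&supported_oids)` produced a set: a second call overwrites the cached pointer without releasing the earlier set, and if the pointer stays NULL, `ssh_gssapi_test_oid_supported()` re-enters the preparation path on every call — which, per the comment right above it, is the call that can trip the sandbox once privsep is up. A guard `if (supported_oids != NULL) return;` at the top of the preparer stops the leak, and the lazy fallback in the tester would be safer as an explicit failure (`*present = 0;` and an error status) rather than a retry that may run under the sandbox. The cached set is never released anywhere in this patch; a comment on `supported_oids` stating that it lives for the lifetime of the process would spare the next reader from hunting for the matching `gss_release_oid_set()`.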
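--- a/ssh-gss.h
+++ b/ssh-gss.h
@@ -104,6 +104,8 @@ void ssh_gssapi_set_oid_data(Gssctxt *,
 void ssh_gssapi_set_oid(Gssctxt *, gss_OID);
 void ssh_gssapi_supported_oids(gss_OID_set *);
 ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *);
+void ssh_gssapi_prepare_supported_oids(void);
+OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *);
 
 OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *);
 OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int,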
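--- a/sshd.c
+++ b/sshd.c
@@ -618,6 +618,10 @@ privsep_preauth_child(void)
 	/* Enable challenge-response authentication for privilege separation */
 	privsep_challenge_enable();
 
+	/* Cache supported mechanism OIDs for later use */
+	if (options.gss_authentication)
+		ssh_gssapi_prepare_supported_oids();
+
 	arc4random_stir();
 	arc4random_buf(rnd, sizeof(rnd));
 	RAND_seed(rnd, sizeof(rnd));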
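Review bot: The new `ssh_gssapi_prepare_supported_oids();` call is protected only by the runtime check `if (options.gss_authentication)`; if the rest of sshd.c compiles its GSSAPI references under `#ifdef GSSAPI` (not visible in this hunk), this block needs the same preprocessor guard or a build without GSSAPI will fail to link. The runtime guard also means that when GSSAPI authentication is disabled the cache is left empty, which is only harmless if no later code path reaches `ssh_gssapi_test_oid_supported()` in the sandboxed child — a comment such as `/* Must run before the sandbox is applied; see ssh_gssapi_test_oid_supported() */` would record that ordering dependency next to the call. privsep_preauth_child starts before this hunk and continues past it.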
