upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtucker
OpenBSD-Commit-ID: ce66db603a913d3dd57063e330cb5494d70722c4
parent
1883841fc1
commit
8ba2d4764b
12
auth2-gss.c
12
auth2-gss.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-gss.c,v 1.33 2021/12/19 22:12:07 djm Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.34 2023/03/31 04:22:27 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
|
@ -48,6 +48,8 @@
|
|||
#include "ssh-gss.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
#define SSH_GSSAPI_MAX_MECHS 2048
|
||||
|
||||
extern ServerOptions options;
|
||||
|
||||
static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh);
|
||||
|
@ -75,7 +77,11 @@ userauth_gssapi(struct ssh *ssh, const char *method)
|
|||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (mechs == 0) {
|
||||
debug("Mechanism negotiation is not supported");
|
||||
logit_f("mechanism negotiation is not supported");
|
||||
return (0);
|
||||
} else if (mechs > SSH_GSSAPI_MAX_MECHS) {
|
||||
logit_f("too many mechanisms requested %u > %u", mechs,
|
||||
SSH_GSSAPI_MAX_MECHS);
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
@ -94,7 +100,7 @@ userauth_gssapi(struct ssh *ssh, const char *method)
|
|||
goid.length = len - 2;
|
||||
ssh_gssapi_test_oid_supported(&ms, &goid, &present);
|
||||
} else {
|
||||
logit("Badly formed OID received");
|
||||
logit_f("badly formed OID received");
|
||||
}
|
||||
} while (mechs > 0 && !present);
|
||||
|
||||
|
|
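Review bot: The `logit_f("badly formed OID received")` call in the else branch of the do/while loop can fire once per client-supplied entry, so even with the new cap a single request can emit up to SSH_GSSAPI_MAX_MECHS lines at the default log level before the user has authenticated. Consider demoting it to `debug_f("badly formed OID received");`, or counting malformed entries and logging one summary line after the loop. Separately, `SSH_GSSAPI_MAX_MECHS` expands to a signed `2048` but is printed with `%u`; `#define SSH_GSSAPI_MAX_MECHS 2048U` would keep the format and the comparison with `mechs` (declared outside the visible lines, presumably unsigned) consistent. The macro would also benefit from a one-line comment such as `/* upper bound on the mechanism count read from the peer's packet */`. The body of userauth_gssapi starts and ends outside the shown hunks.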