[PATCH] userauth_gssapi_cleanup: supported mechs should be freed via gss_release_oid_set

Markus Schmidt markus at blueflash.cc
Fri Mar 15 20:37:45 AEDT 2019


Attached is a small patch that should be applied before the 8.0 release.

It fixes a problem with a recent patch (authored by me), where 
gssapi_cleanup was introduced and gssapi resources are freed.

It turns out that the supported_mechs should not be just freed but 
instead freed through gss_release_oid_set.

The error is probably irrelevant in the *ix/bsd environments, but turned 
out to be an error under Windows if a dynamic lib (gssapi.dll) from MIT 
Kerbereros is used.


Markus Schmidt
-------------- next part --------------
diff --git a/sshconnect2.c b/sshconnect2.c
index dffee90..e4f345e 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -749,14 +749,15 @@ userauth_gssapi(struct ssh *ssh)
 static void
 userauth_gssapi_cleanup(struct ssh *ssh)
+	OM_uint32 ms;
 	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	Gssctxt *gssctxt = (Gssctxt *)authctxt->methoddata;
 	authctxt->methoddata = NULL;
-	free(authctxt->gss_supported_mechs);
-	authctxt->gss_supported_mechs = NULL;
+	gss_release_oid_set(&ms, &authctxt->gss_supported_mechs);
 static OM_uint32

More information about the openssh-unix-dev mailing list