diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2018-09-05 12:14:07 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-10-16 09:19:40 +0200 |
commit | 72bce5ece7edc2fd8023185f9d47b9fc86ef4663 (patch) | |
tree | 26f33c03ff3afc35a1182d038ec1fe3dceb820b0 | |
parent | 7819621fc2a07d2d4649b36ca77850610741cfec (diff) | |
download | libssh-72bce5ece7edc2fd8023185f9d47b9fc86ef4663.tar.gz libssh-72bce5ece7edc2fd8023185f9d47b9fc86ef4663.tar.xz libssh-72bce5ece7edc2fd8023185f9d47b9fc86ef4663.zip |
CVE-2018-10933: Set correct state after sending MIC
After sending the client token, the auth state is set as
SSH_AUTH_STATE_GSSAPI_MIC_SENT. Then this can be expected to be the
state when a USERAUTH_FAILURE or USERAUTH_SUCCESS arrives.
Fixes T101
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | src/gssapi.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gssapi.c b/src/gssapi.c index 51b69e7a..77df0b59 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -960,8 +960,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){ } if (maj_stat == GSS_S_COMPLETE) { - session->auth.state = SSH_AUTH_STATE_NONE; ssh_gssapi_send_mic(session); + session->auth.state = SSH_AUTH_STATE_GSSAPI_MIC_SENT; } return SSH_PACKET_USED; |