From: Sam Hartman <hartmans@debian.org>
Date: Fri, 7 Jun 2013 15:30:57 +0000 (-0400)
Subject: Fix segfault in gss_generic_localname
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=openssh.git;a=commitdiff_plain;h=824c432fbffc619604ab59b2f87f115e2caa8c12

Fix segfault in gss_generic_localname
---

diff --git a/debian/patches/0001-initial-empty-usernames-on-top-of-keyex-and-role.patch b/debian/patches/0001-initial-empty-usernames-on-top-of-keyex-and-role.patch
index c8cef67..40430bf 100644
--- a/debian/patches/0001-initial-empty-usernames-on-top-of-keyex-and-role.patch
+++ b/debian/patches/0001-initial-empty-usernames-on-top-of-keyex-and-role.patch
@@ -12,8 +12,8 @@ Subject: [PATCH] initial empty usernames on top of  keyex and role
 
 Index: openssh/auth-pam.c
 ===================================================================
---- openssh.orig/auth-pam.c	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/auth-pam.c	2013-06-01 14:38:06.000000000 -0400
+--- openssh.orig/auth-pam.c	2013-06-06 18:42:07.983828240 -0400
++++ openssh/auth-pam.c	2013-06-06 18:42:08.131828233 -0400
 @@ -30,7 +30,7 @@
   */
  /*
@@ -95,8 +95,8 @@ Index: openssh/auth-pam.c
  
 Index: openssh/auth-pam.h
 ===================================================================
---- openssh.orig/auth-pam.h	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/auth-pam.h	2013-06-01 14:38:06.000000000 -0400
+--- openssh.orig/auth-pam.h	2013-06-06 18:42:07.983828240 -0400
++++ openssh/auth-pam.h	2013-06-06 18:42:08.131828233 -0400
 @@ -46,5 +46,6 @@
  void sshpam_cleanup(void);
  int sshpam_auth_passwd(Authctxt *, const char *);
@@ -106,8 +106,8 @@ Index: openssh/auth-pam.h
  #endif /* USE_PAM */
 Index: openssh/auth2-gss.c
 ===================================================================
---- openssh.orig/auth2-gss.c	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/auth2-gss.c	2013-06-01 14:38:06.000000000 -0400
+--- openssh.orig/auth2-gss.c	2013-06-06 18:42:07.983828240 -0400
++++ openssh/auth2-gss.c	2013-06-06 18:42:08.135828231 -0400
 @@ -47,6 +47,7 @@
  
  extern ServerOptions options;
@@ -288,8 +288,8 @@ Index: openssh/auth2-gss.c
  	userauth_gsskeyex,
 Index: openssh/auth2.c
 ===================================================================
---- openssh.orig/auth2.c	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/auth2.c	2013-06-01 14:38:06.000000000 -0400
+--- openssh.orig/auth2.c	2013-06-06 18:42:07.983828240 -0400
++++ openssh/auth2.c	2013-06-06 18:42:08.139828230 -0400
 @@ -223,10 +223,30 @@
  	if (authctxt == NULL)
  		fatal("input_userauth_request: no authctxt");
@@ -400,8 +400,8 @@ Index: openssh/auth2.c
  	}
 Index: openssh/gss-serv.c
 ===================================================================
---- openssh.orig/gss-serv.c	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/gss-serv.c	2013-06-01 15:45:48.000000000 -0400
+--- openssh.orig/gss-serv.c	2013-06-06 20:43:31.227637322 -0400
++++ openssh/gss-serv.c	2013-06-07 11:29:27.930100684 -0400
 @@ -80,7 +80,7 @@
    gss_buffer_desc lbuffer;
    OM_uint32 major, minor;
@@ -411,6 +411,15 @@ Index: openssh/gss-serv.c
    if (GSS_ERROR(major))
      return 0;
    if (lbuffer.value == NULL)
+@@ -88,7 +88,7 @@
+   *localname = xmalloc(lbuffer.length+1);
+   if (*localname) {
+     memcpy(*localname, lbuffer.value, lbuffer.length);
+-    *localname[lbuffer.length] = '\0';
++    (*localname)[lbuffer.length] = '\0';
+   }
+   gss_release_buffer(&minor, &lbuffer);
+   if (*localname)
 @@ -521,6 +521,20 @@
  	return (0);
  }
@@ -434,8 +443,8 @@ Index: openssh/gss-serv.c
   *
 Index: openssh/monitor.c
 ===================================================================
---- openssh.orig/monitor.c	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/monitor.c	2013-06-01 14:38:08.000000000 -0400
+--- openssh.orig/monitor.c	2013-06-06 18:42:07.987828240 -0400
++++ openssh/monitor.c	2013-06-06 18:42:08.215828233 -0400
 @@ -182,6 +182,8 @@
  int mm_answer_gss_userok(int, Buffer *);
  int mm_answer_gss_checkmic(int, Buffer *);
@@ -561,8 +570,8 @@ Index: openssh/monitor.c
  {
 Index: openssh/monitor.h
 ===================================================================
---- openssh.orig/monitor.h	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/monitor.h	2013-06-01 14:38:08.000000000 -0400
+--- openssh.orig/monitor.h	2013-06-06 18:42:07.987828240 -0400
++++ openssh/monitor.h	2013-06-06 18:42:08.215828233 -0400
 @@ -52,6 +52,8 @@
  	MONITOR_REQ_GSSSETUP, MONITOR_ANS_GSSSETUP,
  	MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP,
@@ -574,8 +583,8 @@ Index: openssh/monitor.h
  	MONITOR_REQ_GSSUPCREDS, MONITOR_ANS_GSSUPCREDS,
 Index: openssh/monitor_wrap.c
 ===================================================================
---- openssh.orig/monitor_wrap.c	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/monitor_wrap.c	2013-06-01 14:38:08.000000000 -0400
+--- openssh.orig/monitor_wrap.c	2013-06-06 18:42:07.987828240 -0400
++++ openssh/monitor_wrap.c	2013-06-06 18:42:08.219828232 -0400
 @@ -1306,6 +1306,54 @@
  	return (authenticated);
  }
@@ -633,8 +642,8 @@ Index: openssh/monitor_wrap.c
  {
 Index: openssh/monitor_wrap.h
 ===================================================================
---- openssh.orig/monitor_wrap.h	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/monitor_wrap.h	2013-06-01 14:38:08.000000000 -0400
+--- openssh.orig/monitor_wrap.h	2013-06-06 18:42:07.991828239 -0400
++++ openssh/monitor_wrap.h	2013-06-06 18:42:08.219828232 -0400
 @@ -62,6 +62,8 @@
  int mm_ssh_gssapi_userok(char *user, struct passwd *);
  OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
@@ -646,8 +655,8 @@ Index: openssh/monitor_wrap.h
  
 Index: openssh/misc.c
 ===================================================================
---- openssh.orig/misc.c	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/misc.c	2013-06-01 14:38:08.000000000 -0400
+--- openssh.orig/misc.c	2013-06-06 20:43:10.031637879 -0400
++++ openssh/misc.c	2013-06-06 18:42:08.215828233 -0400
 @@ -224,6 +224,20 @@
  	return copy;
  }
@@ -671,8 +680,8 @@ Index: openssh/misc.c
   * Port must be >=0 and <=65535.
 Index: openssh/misc.h
 ===================================================================
---- openssh.orig/misc.h	2013-06-01 14:38:04.000000000 -0400
-+++ openssh/misc.h	2013-06-01 14:38:08.000000000 -0400
+--- openssh.orig/misc.h	2013-06-06 20:43:10.031637879 -0400
++++ openssh/misc.h	2013-06-06 18:42:08.215828233 -0400
 @@ -38,6 +38,7 @@
  void	 sock_set_v6only(int);
  
diff --git a/debian/patches/openssh-integ.patch b/debian/patches/openssh-integ.patch
index 70971e9..ef4f0bb 100644
--- a/debian/patches/openssh-integ.patch
+++ b/debian/patches/openssh-integ.patch
@@ -1,7 +1,7 @@
 Index: openssh/gss-serv.c
 ===================================================================
---- openssh.orig/gss-serv.c	2012-10-26 20:34:21.000000000 -0400
-+++ openssh/gss-serv.c	2012-10-26 20:36:26.000000000 -0400
+--- openssh.orig/gss-serv.c	2013-06-07 11:29:27.930100684 -0400
++++ openssh/gss-serv.c	2013-06-07 11:31:08.690104607 -0400
 @@ -281,10 +281,13 @@
  	 * we flag the user as also having been authenticated
  	 */
@@ -21,8 +21,8 @@ Index: openssh/gss-serv.c
  	return (status);
 Index: openssh/servconf.c
 ===================================================================
---- openssh.orig/servconf.c	2012-10-26 20:34:21.000000000 -0400
-+++ openssh/servconf.c	2012-10-26 20:39:34.000000000 -0400
+--- openssh.orig/servconf.c	2013-06-07 11:27:23.126095830 -0400
++++ openssh/servconf.c	2013-06-07 11:31:08.690104607 -0400
 @@ -98,6 +98,7 @@
  	options->kerberos_get_afs_token = -1;
  	options->gss_authentication=-1;
@@ -85,8 +85,8 @@ Index: openssh/servconf.c
  	dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
 Index: openssh/servconf.h
 ===================================================================
---- openssh.orig/servconf.h	2012-10-26 20:34:21.000000000 -0400
-+++ openssh/servconf.h	2012-10-26 20:36:26.000000000 -0400
+--- openssh.orig/servconf.h	2013-06-07 11:27:23.126095830 -0400
++++ openssh/servconf.h	2013-06-07 11:31:08.690104607 -0400
 @@ -104,6 +104,7 @@
  						 * authenticated with Kerberos. */
  	int     gss_authentication;	/* If true, permit GSSAPI authentication */
@@ -97,8 +97,8 @@ Index: openssh/servconf.h
  	int 	gss_store_rekey;
 Index: openssh/sshd_config
 ===================================================================
---- openssh.orig/sshd_config	2012-10-26 20:34:21.000000000 -0400
-+++ openssh/sshd_config	2012-10-26 20:36:26.000000000 -0400
+--- openssh.orig/sshd_config	2013-06-07 11:27:23.126095830 -0400
++++ openssh/sshd_config	2013-06-07 11:31:08.694104606 -0400
 @@ -78,6 +78,7 @@
  #GSSAPICleanupCredentials yes
  #GSSAPIStrictAcceptorCheck yes
@@ -109,8 +109,8 @@ Index: openssh/sshd_config
  # and session processing. If this is enabled, PAM authentication will 
 Index: openssh/sshd_config.5
 ===================================================================
---- openssh.orig/sshd_config.5	2012-10-26 20:34:21.000000000 -0400
-+++ openssh/sshd_config.5	2012-10-26 20:40:18.000000000 -0400
+--- openssh.orig/sshd_config.5	2013-06-07 11:27:23.126095830 -0400
++++ openssh/sshd_config.5	2013-06-07 11:31:08.694104606 -0400
 @@ -467,6 +467,16 @@
  The default is
  .Dq yes .