packet_cb: adjust response to NEWKEYS w.r.t. GSSAPI

Do not try to verify mic if gssapi-keyex was not performed, and fix a memory leak of the mic on error. Signed-off-by: Pavol Žáčik <pzacik@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-04 20:30:38 +09:00 · 2025-12-18 19:37:22 +01:00
parent e04d753ace
commit 11c4b29e20
1 changed files with 11 additions and 1 deletions
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -178,7 +178,7 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys)
        session->dh_handshake_state=DH_STATE_FINISHED;
    } else {
 #ifdef WITH_GSSAPI
-        if (session->opts.gssapi_key_exchange) {
+        if (ssh_kex_is_gss(session->next_crypto)) {
            OM_uint32 maj_stat, min_stat;
            gss_buffer_desc mic = GSS_C_EMPTY_BUFFER, msg = GSS_C_EMPTY_BUFFER;

@@ -187,6 +187,13 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys)
                goto error;
            }

+            if (session->gssapi_key_exchange_mic == NULL) {
+                ssh_set_error(session,
+                              SSH_FATAL,
+                              "GSSAPI mic not set");
+                goto error;
+            }
+
            mic.length = ssh_string_len(session->gssapi_key_exchange_mic);
            mic.value = ssh_string_data(session->gssapi_key_exchange_mic);

@@ -271,6 +278,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys)
    return SSH_PACKET_USED;

 error:
+#ifdef WITH_GSSAPI
+    SSH_STRING_FREE(session->gssapi_key_exchange_mic);
+#endif
    SSH_SIGNATURE_FREE(sig);
    ssh_string_burn(sig_blob);
    SSH_STRING_FREE(sig_blob);