From 11c4b29e20439b4a534bcdd575f89804dc149a7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= Date: Thu, 18 Dec 2025 19:37:22 +0100 Subject: [PATCH] packet_cb: adjust response to NEWKEYS w.r.t. GSSAPI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do not try to verify mic if gssapi-keyex was not performed, and fix a memory leak of the mic on error. Signed-off-by: Pavol Žáčik Reviewed-by: Jakub Jelen Reviewed-by: Andreas Schneider --- src/packet_cb.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/packet_cb.c b/src/packet_cb.c index 0fee5d48..6228b44a 100644 --- a/src/packet_cb.c +++ b/src/packet_cb.c @@ -178,7 +178,7 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys) session->dh_handshake_state=DH_STATE_FINISHED; } else { #ifdef WITH_GSSAPI - if (session->opts.gssapi_key_exchange) { + if (ssh_kex_is_gss(session->next_crypto)) { OM_uint32 maj_stat, min_stat; gss_buffer_desc mic = GSS_C_EMPTY_BUFFER, msg = GSS_C_EMPTY_BUFFER; @@ -187,6 +187,13 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys) goto error; } + if (session->gssapi_key_exchange_mic == NULL) { + ssh_set_error(session, + SSH_FATAL, + "GSSAPI mic not set"); + goto error; + } + mic.length = ssh_string_len(session->gssapi_key_exchange_mic); mic.value = ssh_string_data(session->gssapi_key_exchange_mic); @@ -271,6 +278,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys) return SSH_PACKET_USED; error: +#ifdef WITH_GSSAPI + SSH_STRING_FREE(session->gssapi_key_exchange_mic); +#endif SSH_SIGNATURE_FREE(sig); ssh_string_burn(sig_blob); SSH_STRING_FREE(sig_blob);