CVE-2018-10933: Set correct state after sending MIC

After sending the client token, the auth state is set as
SSH_AUTH_STATE_GSSAPI_MIC_SENT.  Then this can be expected to be the
state when a USERAUTH_FAILURE or USERAUTH_SUCCESS arrives.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

src/gssapi.c

@@ -943,8 +943,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
         packet_send(session);
     }
     if(maj_stat == GSS_S_COMPLETE){
-        session->auth_state = SSH_AUTH_STATE_NONE;
         ssh_gssapi_send_mic(session);
+        session->auth_state = SSH_AUTH_STATE_GSSAPI_MIC_SENT;
     }
     return SSH_PACKET_USED;
 }