From a189c2ef4dc5da82c0e5dcd6dfae87bfc4057bf6 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 21 Jan 2026 11:33:37 +0100
Subject: [PATCH] gssapi: Sanitize input parameters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Originally reported with this patch by Brian Carpenter from Deep Fork Cyber.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
---
 src/gssapi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/gssapi.c b/src/gssapi.c
index ec08db21..696d1093 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -850,6 +850,10 @@ int ssh_gssapi_client_identity(ssh_session session, gss_OID_set *valid_oids)
     char *ptr = NULL;
     int ret;
 
+    if (session == NULL || session->gssapi == NULL) {
+        return SSH_ERROR;
+    }
+
     if (session->gssapi->client.client_deleg_creds == NULL) {
         if (session->opts.gss_client_identity != NULL) {
             namebuf.value = (void *)session->opts.gss_client_identity;