From b79a681ebb701a33da56362088c81eed0e456de0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <pzacik@redhat.com>
Date: Mon, 8 Dec 2025 12:23:11 +0100
Subject: [PATCH] auth: check for strdup allocation failure in
 ssh_userauth_gssapi_keyex
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/auth.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/auth.c b/src/auth.c
index 94aaf05f..574d0343 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -2519,6 +2519,10 @@ int ssh_userauth_gssapi_keyex(ssh_session session)
     session->pending_call_state = SSH_PENDING_CALL_AUTH_GSSAPI_KEYEX;
 
     session->gssapi->user = strdup(session->opts.username);
+    if (session->gssapi->user == NULL) {
+        ssh_set_error_oom(session);
+        return SSH_ERROR;
+    }
     rc = ssh_gssapi_auth_keyex_mic(session, &mic_token_buf);
     if (rc != SSH_OK) {
         session->auth.state = SSH_AUTH_STATE_NONE;