gssapi: add null checks for session->gssapi before using it

These are not strictly necessary because we always check that we performed GSSAPI KEX, but they won't hurt us. Signed-off-by: Pavol Žáčik <pzacik@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-04 12:20:42 +09:00 · 2025-12-18 19:36:42 +01:00
parent 06eea93ded
commit e04d753ace
4 changed files with 21 additions and 0 deletions
--- a/src/auth.c
+++ b/src/auth.c
@@ -2501,6 +2501,11 @@ int ssh_userauth_gssapi_keyex(ssh_session session)
        return SSH_ERROR;
    }

+    if (session->gssapi == NULL) {
+        ssh_set_error(session, SSH_FATAL, "GSSAPI context not initialized");
+        return SSH_ERROR;
+    }
+
    rc = ssh_userauth_request_service(session);
    if (rc == SSH_AGAIN) {
        return SSH_AUTH_AGAIN;
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -1205,6 +1205,11 @@ int ssh_gssapi_auth_keyex_mic(ssh_session session,
    gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
    OM_uint32 maj_stat, min_stat;

+    if (session->gssapi == NULL || session->gssapi->ctx == NULL) {
+        ssh_set_error(session, SSH_FATAL, "GSSAPI context not initialized");
+        return SSH_ERROR;
+    }
+
    buf = ssh_gssapi_build_mic(session, "gssapi-keyex");
    if (buf == NULL) {
        ssh_set_error_oom(session);
--- a/src/messages.c
+++ b/src/messages.c
@@ -1163,6 +1163,12 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request)
            goto error;
        }

+        if (session->gssapi == NULL || session->gssapi->ctx == NULL) {
+            ssh_set_error(session, SSH_FATAL, "GSSAPI context not initialized");
+            ssh_auth_reply_default(session, 0);
+            goto error;
+        }
+
        rc = ssh_buffer_unpack(packet, "S", &mic_token_string);
        if (rc != SSH_OK) {
            ssh_auth_reply_default(session, 0);
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -182,6 +182,11 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys)
            OM_uint32 maj_stat, min_stat;
            gss_buffer_desc mic = GSS_C_EMPTY_BUFFER, msg = GSS_C_EMPTY_BUFFER;

+            if (session->gssapi == NULL || session->gssapi->ctx == NULL) {
+                ssh_set_error(session, SSH_FATAL, "GSSAPI context not initialized");
+                goto error;
+            }
+
            mic.length = ssh_string_len(session->gssapi_key_exchange_mic);
            mic.value = ssh_string_data(session->gssapi_key_exchange_mic);