diff --git a/src/auth.c b/src/auth.c index 295f3451..94aaf05f 100644 --- a/src/auth.c +++ b/src/auth.c @@ -2501,6 +2501,11 @@ int ssh_userauth_gssapi_keyex(ssh_session session) return SSH_ERROR; } + if (session->gssapi == NULL) { + ssh_set_error(session, SSH_FATAL, "GSSAPI context not initialized"); + return SSH_ERROR; + } + rc = ssh_userauth_request_service(session); if (rc == SSH_AGAIN) { return SSH_AUTH_AGAIN; diff --git a/src/gssapi.c b/src/gssapi.c index 21565528..94ecee22 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -1205,6 +1205,11 @@ int ssh_gssapi_auth_keyex_mic(ssh_session session, gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER; OM_uint32 maj_stat, min_stat; + if (session->gssapi == NULL || session->gssapi->ctx == NULL) { + ssh_set_error(session, SSH_FATAL, "GSSAPI context not initialized"); + return SSH_ERROR; + } + buf = ssh_gssapi_build_mic(session, "gssapi-keyex"); if (buf == NULL) { ssh_set_error_oom(session); diff --git a/src/messages.c b/src/messages.c index ce0bc7a5..5372c612 100644 --- a/src/messages.c +++ b/src/messages.c @@ -1163,6 +1163,12 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request) goto error; } + if (session->gssapi == NULL || session->gssapi->ctx == NULL) { + ssh_set_error(session, SSH_FATAL, "GSSAPI context not initialized"); + ssh_auth_reply_default(session, 0); + goto error; + } + rc = ssh_buffer_unpack(packet, "S", &mic_token_string); if (rc != SSH_OK) { ssh_auth_reply_default(session, 0); diff --git a/src/packet_cb.c b/src/packet_cb.c index 0da24f2e..0fee5d48 100644 --- a/src/packet_cb.c +++ b/src/packet_cb.c @@ -182,6 +182,11 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys) OM_uint32 maj_stat, min_stat; gss_buffer_desc mic = GSS_C_EMPTY_BUFFER, msg = GSS_C_EMPTY_BUFFER; + if (session->gssapi == NULL || session->gssapi->ctx == NULL) { + ssh_set_error(session, SSH_FATAL, "GSSAPI context not initialized"); + goto error; + } + mic.length = ssh_string_len(session->gssapi_key_exchange_mic); mic.value = ssh_string_data(session->gssapi_key_exchange_mic);