upstream: release GSS OIDs only at end of authentication; bz2982,

ok dtucker@ OpenBSD-Commit-ID: 0daa41e0525ae63cae4483519ecaa37ac485d94c
2025-01-20 08:30:46 +00:00 · 2023-10-12 02:15:53 +00:00 · 2023-10-12 02:15:53 +00:00 · 7f3180be8a
commit 7f3180be8a
parent a612b93de5
1 changed files with 9 additions and 4 deletions
--- a/sshconnect2.c
+++ b/sshconnect2.c
@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.367 2023/08/01 08:15:04 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.368 2023/10/12 02:15:53 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@ -476,6 +476,14 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
 	ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success);	/* loop until success */
 	pubkey_cleanup(ssh);
+#ifdef GSSAPI
+	if (authctxt.gss_supported_mechs != NULL) {
+		u_int ms;
+
+		gss_release_oid_set(&ms, &authctxt.gss_supported_mechs);
+		authctxt.gss_supported_mechs = NULL;
+	}
+#endif
 	ssh->authctxt = NULL;

 	ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
@ -820,9 +828,6 @@ userauth_gssapi_cleanup(struct ssh *ssh)

 	ssh_gssapi_delete_ctx(&gssctxt);
 	authctxt->methoddata = NULL;
-
-	free(authctxt->gss_supported_mechs);
-	authctxt->gss_supported_mechs = NULL;
 }

 static OM_uint32