On Fri, Aug 25, 2006 at 12:43:02PM +1000, Darren Tucker wrote:
> On Thu, Aug 24, 2006 at 11:29:54AM +0200, Jan Johansson wrote:
> > Hello.
> >
> > ssh on a recent snapshot does not like trying gssapi-with-mic when there
> > is no ticket file.
> >
> > I did not see any relevant patches in the CVS web.
>
> According to Simon Wilkinson (the author of the code that makes that
> library call) it may be a problem with the library and the following
> diff may work around the problem (at the expense of leaking some memory)
> while we figure out what the root cause is.
It would appear that while the underlying problem is in the kerberos
library, Simon has provided a better workaround (below) which has been
applied to ssh and will be in the next snapshot. Thanks for the report.
Index: gss-genr.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/gss-genr.c,v
retrieving revision 1.16
diff -u -p -r1.16 gss-genr.c
--- gss-genr.c 2006/08/18 22:41:29 1.16
+++ gss-genr.c 2006/08/29 00:46:14
@@ -306,8 +306,9 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
NULL);
gss_release_buffer(&minor, &token);
- gss_delete_sec_context(&minor, &(*ctx)->context,
- GSS_C_NO_BUFFER);
+ if ((*ctx)->context != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&minor, &(*ctx)->context,
+ GSS_C_NO_BUFFER);
}
if (GSS_ERROR(major))
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
