Gssctxt *gssctxt;
gss_buffer_desc send_tok,recv_tok;
OM_uint32 maj_status, min_status;
+ int len;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
fatal("No authentication or GSSAPI context");
gssctxt=authctxt->methoddata;
- recv_tok.value=packet_get_string(&recv_tok.length);
+ recv_tok.value=packet_get_string(&len);
+ recv_tok.length=len; /* int vs. size_t */
maj_status=PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, NULL));
debug("Received GSSAPI_CONTINUE");
if (maj_status == GSS_S_COMPLETE)
fatal("GSSAPI Continue received from server when complete");
- recv_tok.value=packet_get_string(&recv_tok.length);
+ recv_tok.value=packet_get_string(&slen);
+ recv_tok.length=slen; /* int vs. size_t */
break;
case SSH2_MSG_KEXGSS_COMPLETE:
debug("Received GSSAPI_COMPLETE");
packet_get_bignum2(dh_server_pub);
- msg_tok.value=
- packet_get_string(&msg_tok.length);
+ msg_tok.value=packet_get_string(&slen);
+ msg_tok.length=slen; /* int vs. size_t */
/* Is there a token included? */
if (packet_get_char()) {
recv_tok.value=
- packet_get_string(&recv_tok.length);
+ packet_get_string(&slen);
+ recv_tok.length=slen; /* int/size_t */
/* If we're already complete - protocol error */
if (maj_status == GSS_S_COMPLETE)
packet_disconnect("Protocol error: received token when complete");
memset(kbuf, 0, klen);
xfree(kbuf);
+ slen=0;
hash = kex_gssapi_hash(
kex->client_version_string,
kex->server_version_string,
BIGNUM *dh_client_pub = NULL;
int type =0;
gss_OID oid;
+ u_int slen;
/* Initialise GSSAPI */
case SSH2_MSG_KEXGSS_INIT:
if (dh_client_pub!=NULL)
packet_disconnect("Received KEXGSS_INIT after initialising");
- recv_tok.value=packet_get_string(&recv_tok.length);
+ recv_tok.value=packet_get_string(&slen);
+ recv_tok.length=slen; /* int vs. size_t */
dh_client_pub = BN_new();
case SSH2_MSG_KEXGSS_CONTINUE:
if (dh_client_pub == NULL)
packet_disconnect("Received KEXGSS_CONTINUE without initialising");
- recv_tok.value=packet_get_string(&recv_tok.length);
+ recv_tok.value=packet_get_string(&slen);
+ recv_tok.length=slen; /* int vs. size_t */
break;
default:
packet_disconnect("Protocol error: didn't expect packet type %d",
char *gssapi_auth_type = NULL;
struct hostent *hostinfo;
char *addr;
+ unsigned int slen;
/*
* host is not guarenteed to be a FQDN, so we need to make sure it is.
#endif /* GSSAPI */
- debug("req_flags = %lu", req_flags);
+ debug("req_flags = %u", req_flags);
name_tok.value = service_name;
name_tok.length = strlen(service_name) + 1;
}
/* Read the mechanism the server returned */
- mech_oid.elements = packet_get_string((unsigned int *) &(mech_oid.length));
+ mech_oid.elements = packet_get_string(&slen);
+ mech_oid.length = slen; /* safe typecast */
packet_get_all();
/*
/* Does not return */
}
- recv_tok.value = packet_get_string((unsigned int *) &recv_tok.length);
+ recv_tok.value = packet_get_string(&slen);
+ recv_tok.length=slen; /* safe typecast */
packet_get_all();
token_ptr = &recv_tok;
}
gss_qop_t qop_state;
- wrapped_buf.value = packet_get_string(&(wrapped_buf.length));
+ wrapped_buf.value = packet_get_string(&slen);
+ wrapped_buf.length=slen; /* safe typecast */
packet_get_all();
maj_stat = gss_unwrap(&min_stat,
if (unwrapped_buf.length != sizeof(ssh_key_digest)) {
packet_disconnect("Verification of SSHD keys through GSSAPI-secured channel failed: "
"Size of key hashes do not match (%d != %d)!",
- unwrapped_buf.length, sizeof(ssh_key_digest));
+ (int)unwrapped_buf.length,
+ (int)sizeof(ssh_key_digest));
}
if (memcmp(ssh_key_digest, unwrapped_buf.value, sizeof(ssh_key_digest)) != 0) {
Gssctxt *gssctxt;
gss_buffer_desc send_tok,recv_tok;
OM_uint32 status;
+ u_int slen;
if (authctxt == NULL)
fatal("input_gssapi_response: no authentication context");
gssctxt = authctxt->methoddata;
- recv_tok.value=packet_get_string(&recv_tok.length);
+ recv_tok.value=packet_get_string(&slen);
+ recv_tok.length=slen; /* safe typecast */
status=ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
&recv_tok, &send_tok, NULL);