authctxt->user should never be null but add a test just to be sure

diff --git a/openssh/auth.c b/openssh/auth.c
index 5d3bb1d1b14c6c1de0429a65937ea35ce2a8838f..e1f4681d3cf5b0c7c71c19dda845b3408f8c1ac3 100644 (file)
--- a/openssh/auth.c
+++ b/openssh/auth.c
@@ -256,7 +256,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
            authmsg,
            method,
            authctxt->valid ? "" : "illegal user ",
-           (authctxt->user[0]) ? authctxt->user : "<implicit>",
+           (authctxt->user && authctxt->user[0]) ? authctxt->user : "<implicit>",
            get_remote_ipaddr(),
            get_remote_port(),
            info);

diff --git a/openssh/auth2-gss.c b/openssh/auth2-gss.c
index d74d98f40b09b8db92b55a6a2e6a3f1e8f9dcf97..64ee33278ccace850d8f0f88b6e4504b7182e82c 100644 (file)
--- a/openssh/auth2-gss.c
+++ b/openssh/auth2-gss.c
@@ -56,8 +56,9 @@ userauth_external(Authctxt *authctxt)
 {
         packet_check_eom();
 
-       if (authctxt->valid && strcmp(authctxt->user, "") != 0) {
-           return(PRIVSEP(ssh_gssapi_userok(authctxt->user)));
+       if (authctxt->valid && authctxt->user &&
+           strcmp(authctxt->user, "") != 0) {
+               return(PRIVSEP(ssh_gssapi_userok(authctxt->user)));
        }
        return 0;
 }
@@ -231,7 +232,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
 static void
 gssapi_set_implicit_username(Authctxt *authctxt)
 {
-    if ((strcmp(authctxt->user, "") == 0) && (authctxt->pw == NULL)) {
+    if ((authctxt->user == NULL) || (strcmp(authctxt->user, "") == 0)) {
        char *lname = NULL;
        PRIVSEP(ssh_gssapi_localname(&lname));
        if (lname && lname[0] != '\0') {