From 5d7414467d6dac100a93df761b06de5cd07fc69a Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Wed, 5 Sep 2018 12:14:07 +0200
Subject: [PATCH] CVE-2018-10933: Set correct state after sending MIC

After sending the client token, the auth state is set as
SSH_AUTH_STATE_GSSAPI_MIC_SENT.  Then this can be expected to be the
state when a USERAUTH_FAILURE or USERAUTH_SUCCESS arrives.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/gssapi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/gssapi.c b/src/gssapi.c
index 51b69e7a..77df0b59 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -960,8 +960,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
     }
 
     if (maj_stat == GSS_S_COMPLETE) {
-        session->auth.state = SSH_AUTH_STATE_NONE;
         ssh_gssapi_send_mic(session);
+        session->auth.state = SSH_AUTH_STATE_GSSAPI_MIC_SENT;
     }
 
     return SSH_PACKET_USED;