From 6b8ab4bcd2adf63c0a6f0d05fd7e6bd54e36b9a7 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 28 Oct 2019 14:17:19 +0100
Subject: [PATCH] SSH-01-006: Add missing NULL check in
 ssh_gssapi_handle_userauth()

Fixes T193

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
 src/gssapi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/gssapi.c b/src/gssapi.c
index 9a32fa90..a1bd808a 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -297,6 +297,10 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n
     for (i=0 ; i< n_oid ; ++i){
         unsigned char *oid_s = (unsigned char *) ssh_string_data(oids[i]);
         size_t len = ssh_string_len(oids[i]);
+
+        if (oid_s == NULL) {
+            continue;
+        }
         if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){
             SSH_LOG(SSH_LOG_WARNING,"GSSAPI: received invalid OID");
             continue;