SSH-01-006: Add missing NULL check in ssh_gssapi_handle_userauth()

Fixes T193 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-12-03 13:31:11 +03:00 · 2019-10-28 14:17:19 +01:00
parent af2ea417da
commit 6b8ab4bcd2
1 changed files with 4 additions and 0 deletions
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -297,6 +297,10 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n
    for (i=0 ; i< n_oid ; ++i){
        unsigned char *oid_s = (unsigned char *) ssh_string_data(oids[i]);
        size_t len = ssh_string_len(oids[i]);
+
+        if (oid_s == NULL) {
+            continue;
+        }
        if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){
            SSH_LOG(SSH_LOG_WARNING,"GSSAPI: received invalid OID");
            continue;