Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 0d58e4d

Browse filesBrowse files
bodgitbodgit
committed
Use the correct token from the client
This fixes the case where AcceptSecContext is always called with the first token sent by the client instead of the most recently sent one. Fixes golang/go#43875
1 parent eec23a3 commit 0d58e4d
Copy full SHA for 0d58e4d

File tree

Expand file treeCollapse file tree

1 file changed

+3
-2
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+3
-2
lines changed

‎ssh/server.go

Copy file name to clipboardExpand all lines: ssh/server.go
+3-2Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -321,7 +321,7 @@ func checkSourceAddress(addr net.Addr, sourceAddrs string) error {
321321
return fmt.Errorf("ssh: remote address %v is not allowed because of source-address restriction", addr)
322322
}
323323

324-
func gssExchangeToken(gssapiConfig *GSSAPIWithMICConfig, firstToken []byte, s *connection,
324+
func gssExchangeToken(gssapiConfig *GSSAPIWithMICConfig, token []byte, s *connection,
325325
sessionID []byte, userAuthReq userAuthRequestMsg) (authErr error, perms *Permissions, err error) {
326326
gssAPIServer := gssapiConfig.Server
327327
defer gssAPIServer.DeleteSecContext()
@@ -331,7 +331,7 @@ func gssExchangeToken(gssapiConfig *GSSAPIWithMICConfig, firstToken []byte, s *c
331331
outToken []byte
332332
needContinue bool
333333
)
334-
outToken, srcName, needContinue, err = gssAPIServer.AcceptSecContext(firstToken)
334+
outToken, srcName, needContinue, err = gssAPIServer.AcceptSecContext(token)
335335
if err != nil {
336336
return err, nil, nil
337337
}
@@ -353,6 +353,7 @@ func gssExchangeToken(gssapiConfig *GSSAPIWithMICConfig, firstToken []byte, s *c
353353
if err := Unmarshal(packet, userAuthGSSAPITokenReq); err != nil {
354354
return nil, nil, err
355355
}
356+
token = userAuthGSSAPITokenReq.Token
356357
}
357358
packet, err := s.transport.readPacket()
358359
if err != nil {

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.