upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtucker
authordjm@openbsd.org <djm@openbsd.org>
Fri, 31 Mar 2023 04:22:27 +0000 (04:22 +0000)
committerDamien Miller <djm@mindrot.org>
Fri, 31 Mar 2023 04:32:37 +0000 (15:32 +1100)
OpenBSD-Commit-ID: ce66db603a913d3dd57063e330cb5494d70722c4

auth2-gss.c

index 2062609d9308948d82f53c5ddcc89ca36119b52e..f72a38998fcbb0524bdf59c17938184d983202b8 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.33 2021/12/19 22:12:07 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.34 2023/03/31 04:22:27 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -48,6 +48,8 @@
 #include "ssh-gss.h"
 #include "monitor_wrap.h"
 
+#define SSH_GSSAPI_MAX_MECHS   2048
+
 extern ServerOptions options;
 
 static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh);
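Review bot: `SSH_GSSAPI_MAX_MECHS` is added without a comment saying what it bounds or why 2048 was chosen. Judging by the later hunk, it caps a mechanism count that `userauth_gssapi` takes from the peer's request, so the limit is a guard on remote-controlled input and should be documented as one. Something like `/* Upper bound on the mechanism count accepted from a client's GSSAPI userauth request */` above the define would do. If 2048 has a specific rationale, state that too, since the commit does not show one.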
@@ -75,7 +77,11 @@ userauth_gssapi(struct ssh *ssh, const char *method)
                fatal_fr(r, "parse packet");
 
        if (mechs == 0) {
-               debug("Mechanism negotiation is not supported");
+               logit_f("mechanism negotiation is not supported");
+               return (0);
+       } else if (mechs > SSH_GSSAPI_MAX_MECHS) {
+               logit_f("too many mechanisms requested %u > %u", mechs,
+                   SSH_GSSAPI_MAX_MECHS);
                return (0);
        }
 
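Review bot: In the new `else if` branch, `logit_f("too many mechanisms requested %u > %u", mechs, SSH_GSSAPI_MAX_MECHS)` passes the macro, which expands to the plain `int` constant `2048`, to a `%u` conversion. It is harmless for this value but is flagged by `-Wformat-signedness`. Defining the limit as `#define SSH_GSSAPI_MAX_MECHS 2048U` would make both the comparison and the format argument unsigned. The declaration of `mechs` is outside the hunk, so its type is assumed to be unsigned from the existing `%u`. Both rejection paths now log at `logit` level for a value the peer appears to control, so confirm that this log volume is intended for the `mechs == 0` case, which was previously `debug`.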
@@ -94,7 +100,7 @@ userauth_gssapi(struct ssh *ssh, const char *method)
                        goid.length   = len - 2;
                        ssh_gssapi_test_oid_supported(&ms, &goid, &present);
                } else {
-                       logit("Badly formed OID received");
+                       logit_f("badly formed OID received");
                }
        } while (mechs > 0 && !present);