ssh: disallow gssapi-with-mic if GSSAPIWithMICConfig is not set The ability to trigger the 'gssapi-with-mic' authentication method is not properly gated by the presence of the GSSAPIWithMICConfig field of the ServerConfig type. If this field is not set and a client sends a 'gssapi-with-mic' request, regardless of if the server advertises it, the server will panic. This issue was discovered and reported by Joern Schneewesiz, GitLab Security Research Team. Fixes CVE-2020-29652 Change-Id: Ie25de2766e442c8ab46680aae3ac89b0823cdeed Reviewed-on: https://go-review.googlesource.com/c/crypto/+/278852 Trust: Roland Shoemaker <roland@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org>

commit: 8b5274cf687fd9316b4108863654cc57385531e8 [log] [tgz]
author: Roland Shoemaker <roland@golang.org> Wed Dec 16 10:17:34 2020 -0800
committer: Roland Shoemaker <roland@golang.org> Wed Dec 16 22:30:49 2020 +0000
tree: 0183928d2fafb2f715756a35d986eeae89f39afa
parent: 5f87f3452ae96c4850ab9af7783f2517b643061b [diff]
diff --git a/ssh/server.go b/ssh/server.go
index 7d42a8c..b6911e8 100644
--- a/ssh/server.go
+++ b/ssh/server.go

@@ -572,6 +572,10 @@
 				perms = candidate.perms
 			}
 		case "gssapi-with-mic":
+			if config.GSSAPIWithMICConfig == nil {
+				authErr = errors.New("ssh: gssapi-with-mic auth not configured")
+				break
+			}
 			gssapiConfig := config.GSSAPIWithMICConfig
 			userAuthRequestGSSAPI, err := parseGSSAPIPayload(userAuthReq.Payload)
 			if err != nil {
commit	8b5274cf687fd9316b4108863654cc57385531e8	[log] [tgz]
author	Roland Shoemaker <roland@golang.org>	Wed Dec 16 10:17:34 2020 -0800
committer	Roland Shoemaker <roland@golang.org>	Wed Dec 16 22:30:49 2020 +0000
tree	0183928d2fafb2f715756a35d986eeae89f39afa
parent	5f87f3452ae96c4850ab9af7783f2517b643061b [diff]