Comment 3 for bug 1934501

Thanks for the suggestion. But I believe this is a separate issue:

1. As far as I can tell, this issue is related to public key and not gssapi auth method. In the tests I made GSSAPIAuthentication was set to default (i.e. turned off).

2. I have been unable to reproduce it in vanilla OpenSSH releases. Only time I can reproduce it is after patch CVE-2018-15473.patch has been applied.

Further just to check, I have just tried with a vanilla openssh-7.8p1.tar.gz (as identified in https://www.openwall.com/lists/oss-security/2018/08/27/2) and the issue is not present. Also, I broke CVE-2018-15473.patch up and only applied changes that it makes to auth2-pubkey.c (i.e. ignoring that changes to auth2-gss.c) and the issue was present.

Regardless, considering the age of the software and the effort required to property track this down I guess this will be marked as a WontFix issue too.