diff -Naur -x '*~' -x '*.orig' -x '*.rej' openssh-7.5p1/auth2-gss.c openssh-7.5p1-CVE-2018-15473/auth2-gss.c
--- openssh-7.5p1/auth2-gss.c	2018-08-22 19:17:35.750907742 +0200
+++ openssh-7.5p1-CVE-2018-15473/auth2-gss.c	2018-08-22 19:18:29.481548784 +0200
@@ -103,9 +103,6 @@
 	u_int len;
 	u_char *doid = NULL;
 
-	if (!authctxt->valid || authctxt->user == NULL)
-		return (0);
-
 	mechs = packet_get_int();
 	if (mechs == 0) {
 		debug("Mechanism negotiation is not supported");
@@ -136,6 +133,12 @@
 		return (0);
 	}
 
+	if (!authctxt->valid || authctxt->user == NULL) {
+		debug2("%s: disabled because of invalid user", __func__);
+		free(doid);
+		return (0);
+	}
+
 	if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
 		if (ctxt != NULL)
 			ssh_gssapi_delete_ctx(&ctxt);
diff -Naur -x '*~' -x '*.orig' -x '*.rej' openssh-7.5p1/auth2-hostbased.c openssh-7.5p1-CVE-2018-15473/auth2-hostbased.c
--- openssh-7.5p1/auth2-hostbased.c	2018-08-22 19:17:35.751907735 +0200
+++ openssh-7.5p1-CVE-2018-15473/auth2-hostbased.c	2018-08-22 19:18:45.138444637 +0200
@@ -66,10 +66,6 @@
 	int pktype;
 	int authenticated = 0;
 
-	if (!authctxt->valid) {
-		debug2("userauth_hostbased: disabled because of invalid user");
-		return 0;
-	}
 	pkalg = packet_get_string(&alen);
 	pkblob = packet_get_string(&blen);
 	chost = packet_get_string(NULL);
@@ -115,6 +111,11 @@
 		goto done;
 	}
 
+	if (!authctxt->valid || authctxt->user == NULL) {
+		debug2("%s: disabled because of invalid user", __func__);
+		goto done;
+	}
+
 	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
 	    authctxt->service;
 	buffer_init(&b);
diff -Naur -x '*~' -x '*.orig' -x '*.rej' openssh-7.5p1/auth2-pubkey.c openssh-7.5p1-CVE-2018-15473/auth2-pubkey.c
--- openssh-7.5p1/auth2-pubkey.c	2018-08-22 19:17:35.751907735 +0200
+++ openssh-7.5p1-CVE-2018-15473/auth2-pubkey.c	2018-08-22 19:20:31.232742225 +0200
@@ -79,16 +79,12 @@
 {
 	Buffer b;
 	Key *key = NULL;
-	char *pkalg, *userstyle, *pubkey, *fp = NULL;
-	u_char *pkblob, *sig;
+	char *pkalg = NULL, *userstyle = NULL, *pubkey = NULL, *fp = NULL;
+	u_char *pkblob = NULL, *sig = NULL;
 	u_int alen, blen, slen;
 	int have_sig, pktype;
 	int authenticated = 0;
 
-	if (!authctxt->valid) {
-		debug2("%s: disabled because of invalid user", __func__);
-		return 0;
-	}
 	have_sig = packet_get_char();
 	if (datafellows & SSH_BUG_PKAUTH) {
 		debug2("%s: SSH_BUG_PKAUTH", __func__);
@@ -149,6 +145,12 @@
 		} else {
 			buffer_put_string(&b, session_id2, session_id2_len);
 		}
+		if (!authctxt->valid || authctxt->user == NULL) {
+			debug2("%s: disabled because of invalid user", 
+			    __func__);
+			buffer_free(&b);
+			goto done;
+		}
 		/* reconstruct packet */
 		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
 		xasprintf(&userstyle, "%s%s%s", authctxt->user,
@@ -188,12 +190,16 @@
 			free(pubkey);
 		}
 		buffer_free(&b);
-		free(sig);
 	} else {
 		debug("%s: test whether pkalg/pkblob are acceptable for %s %s",
 		    __func__, sshkey_type(key), fp);
 		packet_check_eom();
 
+		if (!authctxt->valid || authctxt->user == NULL) {
+			debug2("%s: disabled because of invalid user", 
+			    __func__);
+			goto done;
+		}
 		/* XXX fake reply and always send PK_OK ? */
 		/*
 		 * XXX this allows testing whether a user is allowed
@@ -220,6 +226,7 @@
 	free(pkalg);
 	free(pkblob);
 	free(fp);
+	free(sig);
 	return authenticated;
 }