From 4086bd6652c0badccc020218a62190a7798fb72c Mon Sep 17 00:00:00 2001
From: "markus@openbsd.org" <markus@openbsd.org>
Date: Fri, 8 Dec 2023 09:18:39 +0000
Subject: [PATCH] upstream: prevent leak in sshsig_match_principals; ok djm@

OpenBSD-Commit-ID: 594f61ad4819ff5c72dfe99ba666a17f0e1030ae
---
 sshsig.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/sshsig.c b/sshsig.c
index d219db90e..d50d65fe2 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshsig.c,v 1.33 2023/09/06 23:18:15 djm Exp $ */
+/* $OpenBSD: sshsig.c,v 1.34 2023/12/08 09:18:39 markus Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -1121,12 +1121,11 @@ sshsig_match_principals(const char *path, const char *principal,
 	if (ret == 0) {
 		if (nprincipals == 0)
 			ret = SSH_ERR_KEY_NOT_FOUND;
+		if (nprincipalsp != 0)
+			*nprincipalsp = nprincipals;
 		if (principalsp != NULL) {
 			*principalsp = principals;
 			principals = NULL; /* transferred */
-		}
-		if (nprincipalsp != 0) {
-			*nprincipalsp = nprincipals;
 			nprincipals = 0;
 		}
 	}