tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: avoid NULL deref via ssh-keygen -Y find-principals. 

bz3409, reported by Mateusz Adamowski

OpenBSD-Commit-ID: a3b2c02438052ee858e0ee18e5a288586b5df2c5
This commit is contained in:
djm@openbsd.org 2022-03-30 04:27:51 +00:00 committed by Damien Miller
parent e937514920
commit 6d4fc51adb
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sshsig.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshsig.c,v 1.28 2022/02/01 23:34:47 djm Exp $ */ /* $OpenBSD: sshsig.c,v 1.29 2022/03/30 04:27:51 djm Exp $ */
/* /*
* Copyright (c) 2019 Google LLC * Copyright (c) 2019 Google LLC
* *
@ -739,7 +739,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line,
return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */ return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */
/* format: identity[,identity...] [option[,option...]] key */ /* format: identity[,identity...] [option[,option...]] key */
if ((tmp = strdelimw(&cp)) == NULL) { if ((tmp = strdelimw(&cp)) == NULL || cp == NULL) {
error("%s:%lu: invalid line", path, linenum); error("%s:%lu: invalid line", path, linenum);
r = SSH_ERR_INVALID_FORMAT; r = SSH_ERR_INVALID_FORMAT;
goto out; goto out;
@ -777,6 +777,11 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line,
r = SSH_ERR_INVALID_FORMAT; r = SSH_ERR_INVALID_FORMAT;
goto out; goto out;
} }
if (cp == NULL || *cp == '\0') {
error("%s:%lu: missing key", path, linenum);
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
*cp++ = '\0'; *cp++ = '\0';
skip_space(&cp); skip_space(&cp);
if (sshkey_read(key, &cp) != 0) { if (sshkey_read(key, &cp) != 0) {