diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2022-03-30 04:27:51 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2022-03-30 15:34:33 +1100 |
| commit | 6d4fc51adb9d8a42f67b5474f02f877422379de6 (patch) | |
| tree | 8f53310dcb47b3be046cd1a6ebf95058f4e6f470 | |
| parent | e937514920335b92b543fd9be79cd6481d1eb0b6 (diff) | |
upstream: avoid NULL deref via ssh-keygen -Y find-principals.
bz3409, reported by Mateusz Adamowski
OpenBSD-Commit-ID: a3b2c02438052ee858e0ee18e5a288586b5df2c5
| -rw-r--r-- | sshsig.c | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshsig.c,v 1.28 2022/02/01 23:34:47 djm Exp $ */ +/* $OpenBSD: sshsig.c,v 1.29 2022/03/30 04:27:51 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -739,7 +739,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */ /* format: identity[,identity...] [option[,option...]] key */ - if ((tmp = strdelimw(&cp)) == NULL) { + if ((tmp = strdelimw(&cp)) == NULL || cp == NULL) { error("%s:%lu: invalid line", path, linenum); r = SSH_ERR_INVALID_FORMAT; goto out; @@ -777,6 +777,11 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, r = SSH_ERR_INVALID_FORMAT; goto out; } + if (cp == NULL || *cp == '\0') { + error("%s:%lu: missing key", path, linenum); + r = SSH_ERR_INVALID_FORMAT; + goto out; + } *cp++ = '\0'; skip_space(&cp); if (sshkey_read(key, &cp) != 0) { |