upstream: ssh-keygen -Y check-novalidate requires namespace or SEGV

will ensue. Patch from Mateusz Adamowski via GHPR#307 OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd
author: djm@openbsd.org <djm@openbsd.org> 2022-03-18 02:31:25 +0000
committer: Damien Miller <djm@mindrot.org> 2022-03-18 13:33:36 +1100
commit: a0b5816f8f1f645acdf74f7bc11b34455ec30bac (patch)
tree: 4078a7d7d120e4403392f24991a21bded67369d6
parent: 5a252d54a63be30d5ba4be76210942d754a531c0 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d4b7f4dc..34c316d2 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.448 2022/02/01 23:32:51 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.449 2022/03/18 02:31:25 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3538,6 +3538,12 @@ main(int argc, char **argv)
 			return sig_sign(identity_file, cert_principals,
 			    argc, argv, opts, nopts);
 		} else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
+			if (cert_principals == NULL ||
+			    *cert_principals == '\0') {
+				error("Too few arguments for check-novalidate: "
+				    "missing namespace");
+				exit(1);
+			}
 			if (ca_key_path == NULL) {
 				error("Too few arguments for check-novalidate: "
 				    "missing signature file");
author	djm@openbsd.org <djm@openbsd.org>	2022-03-18 02:31:25 +0000
committer	Damien Miller <djm@mindrot.org>	2022-03-18 13:33:36 +1100
commit	a0b5816f8f1f645acdf74f7bc11b34455ec30bac (patch)
tree	4078a7d7d120e4403392f24991a21bded67369d6
parent	5a252d54a63be30d5ba4be76210942d754a531c0 (diff)