summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2020-05-01 04:23:11 +0000
committerDamien Miller <djm@mindrot.org>2020-05-01 16:40:11 +1000
commit99ce9cefbe532ae979744c6d956b49f4b02aff82 (patch)
tree827652826b5a58badd6f7b675793fba13c8aa9f6
parent6c6072ba8b079e6f5caa38b011a6f4570c14ed38 (diff)
upstream: avoid NULL dereference when attempting to convert invalid
ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298
Diffstat
-rw-r--r--ssh-keygen.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d50ca5f28..d7974f3dc 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.407 2020/04/20 04:43:57 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.408 2020/05/01 04:23:11 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -669,9 +669,10 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
669 encoded[len-3] = '\0'; 669 encoded[len-3] = '\0';
670 if ((r = sshbuf_b64tod(buf, encoded)) != 0) 670 if ((r = sshbuf_b64tod(buf, encoded)) != 0)
671 fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r)); 671 fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r));
672 if (*private) 672 if (*private) {
673 *k = do_convert_private_ssh2(buf); 673 if ((*k = do_convert_private_ssh2(buf)) == NULL)
674 else if ((r = sshkey_fromb(buf, k)) != 0) 674 fatal("%s: private key conversion failed", __func__);
675 } else if ((r = sshkey_fromb(buf, k)) != 0)
675 fatal("decode blob failed: %s", ssh_err(r)); 676 fatal("decode blob failed: %s", ssh_err(r));
676 sshbuf_free(buf); 677 sshbuf_free(buf);
677 fclose(fp); 678 fclose(fp);
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 09:23:47 +0000