upstream commit

make sure we don't pass a NULL string to vfprintf
(triggered by the principals-command regress test); ok bluhm

Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990

3 files changed, 9 insertions, 9 deletions

diff --git a/auth-options.c b/auth-options.c
index 57b49f7fd..0a191dbba 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.72 2016/11/30 02:57:40 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.73 2017/05/31 10:54:00 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -119,7 +119,8 @@ match_flag(const char *opt, int allow_negate, char **optsp, const char *msg)
  * side effect: sets key option flags
  */
 int
-auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
+auth_parse_options(struct passwd *pw, char *opts, const char *file,
+    u_long linenum)
 {
         struct ssh *ssh = active_state;         /* XXX */
         const char *cp;
diff --git a/auth-options.h b/auth-options.h
index 52cbb42aa..547f01635 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.h,v 1.22 2016/11/30 02:57:40 djm Exp $ */
+/* $OpenBSD: auth-options.h,v 1.23 2017/05/31 10:54:00 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -33,7 +33,7 @@ extern int forced_tun_device;
 extern int key_is_cert_authority;
 extern char *authorized_principals;
 
-int     auth_parse_options(struct passwd *, char *, char *, u_long);
+int     auth_parse_options(struct passwd *, char *, const char *, u_long);
 void    auth_clear_options(void);
 int     auth_cert_options(struct sshkey *, struct passwd *, const char **);
 
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 271dbaf65..5794f1f4d 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.66 2017/05/31 09:15:42 deraadt Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.67 2017/05/31 10:54:00 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -587,7 +587,7 @@ match_principals_option(const char *principal_list, struct sshkey_cert *cert)
 }
 
 static int
-process_principals(FILE *f, char *file, struct passwd *pw,
+process_principals(FILE *f, const char *file, struct passwd *pw,
     const struct sshkey_cert *cert)
 {
         char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
@@ -625,8 +625,7 @@ process_principals(FILE *f, char *file, struct passwd *pw,
                 for (i = 0; i < cert->nprincipals; i++) {
                         if (strcmp(cp, cert->principals[i]) == 0) {
                                 debug3("%s:%lu: matched principal \"%.100s\"",
-                                    file == NULL ? "(command)" : file,
-                                    linenum, cert->principals[i]);
+                                    file, linenum, cert->principals[i]);
                                 if (auth_parse_options(pw, line_opts,
                                     file, linenum) != 1)
                                         continue;
@@ -757,7 +756,7 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
         uid_swapped = 1;
         temporarily_use_uid(pw);
 
-        ok = process_principals(f, NULL, pw, cert);
+        ok = process_principals(f, "(command)", pw, cert);
 
         fclose(f);
         f = NULL;