summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2013-12-29 17:45:51 +1100
committerDamien Miller <djm@mindrot.org>2013-12-29 17:45:51 +1100
commit0b36c83148976c7c8268f4f41497359e2fb26251 (patch)
treed851c5cdebf196e5bc34190e4b2d3e7b7068cf1b
parent4def184e9b6c36be6d965a9705632fc4c0c2a8af (diff)
- djm@cvs.openbsd.org 2013/12/19 01:19:41
[ssh-agent.c] bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com; ok dtucker
-rw-r--r--ChangeLog5
-rw-r--r--ssh-agent.c5
2 files changed, 9 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index c22c8b4de..604bbbb78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,11 @@
23 them. 23 them.
24 24
25 Diagnosis and fix by ronf AT timeheart.net 25 Diagnosis and fix by ronf AT timeheart.net
26 - djm@cvs.openbsd.org 2013/12/19 01:19:41
27 [ssh-agent.c]
28 bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
29 that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
30 ok dtucker
26 31
2720131221 3220131221
28 - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. 33 - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
diff --git a/ssh-agent.c b/ssh-agent.c
index 8210a8e34..95117e076 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.180 2013/12/06 13:39:49 markus Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.181 2013/12/19 01:19:41 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -660,6 +660,9 @@ process_remove_smartcard_key(SocketEntry *e)
660 tab = idtab_lookup(version); 660 tab = idtab_lookup(version);
661 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 661 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
662 nxt = TAILQ_NEXT(id, next); 662 nxt = TAILQ_NEXT(id, next);
663 /* Skip file--based keys */
664 if (id->provider == NULL)
665 continue;
663 if (!strcmp(provider, id->provider)) { 666 if (!strcmp(provider, id->provider)) {
664 TAILQ_REMOVE(&tab->idlist, id, next); 667 TAILQ_REMOVE(&tab->idlist, id, next);
665 free_identity(id); 668 free_identity(id);