- djm@cvs.openbsd.org 2013/01/24 22:08:56

[krl.c] skip serial lookup when cert's serial number is zero
author: Damien Miller <djm@mindrot.org> 2013-02-12 10:54:54 +1100
committer: Damien Miller <djm@mindrot.org> 2013-02-12 10:54:54 +1100
commit: 6045f5d5748582dff473934d760cf0e7e892da8b (patch)
tree: 0dbceeee28084e98c72c1dc5a6f9fa326934ccc4
parent: ea078462ea9b6efec982dce999ffa47ca1055077 (diff)
2 files changed, 5 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index d663448ea..87fe12d71 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
   - djm@cvs.openbsd.org 2013/01/24 21:45:37
     [krl.c]
     fix handling of (unused) KRL signatures; skip string in correct buffer
+   - djm@cvs.openbsd.org 2013/01/24 22:08:56
+     [krl.c]
+     skip serial lookup when cert's serial number is zero
 20130211
 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
diff --git a/krl.c b/krl.c
index 8e53f46dc..916852675 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-/* $OpenBSD: krl.c,v 1.5 2013/01/24 21:45:37 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.6 2013/01/24 22:08:56 djm Exp $ */
 #include "includes.h"
@@ -1149,7 +1149,7 @@ is_key_revoked(struct ssh_krl *krl, const Key *key)
        }
        /* Legacy cert formats lack serial numbers */
-        if (key_cert_is_legacy(key))
+        if (key_cert_is_legacy(key) || key->cert->serial == buf0)
                return 0;
        bzero(&rs, sizeof(rs));
author	Damien Miller <djm@mindrot.org>	2013-02-12 10:54:54 +1100
committer	Damien Miller <djm@mindrot.org>	2013-02-12 10:54:54 +1100
commit	6045f5d5748582dff473934d760cf0e7e892da8b (patch)
tree	0dbceeee28084e98c72c1dc5a6f9fa326934ccc4
parent	ea078462ea9b6efec982dce999ffa47ca1055077 (diff)