summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-02-10 05:48:46 +0000
committerDamien Miller <djm@mindrot.org>2018-02-10 16:49:44 +1100
commitca613249a00b64b2eea9f52d3834b55c28cf2862 (patch)
treea477b3acbf6732bed70e2d41cf6fc0aa82f08694
parentb56ac069d46b6f800de34e1e935f98d050731d14 (diff)
upstream commit
Refuse to create a certificate with an unusable number of principals; Prompted by gdestuynder via github OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29
-rw-r--r--ssh-keygen.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d81f42cb6..9812c0d2a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.311 2018/02/10 05:43:26 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.312 2018/02/10 05:48:46 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1697,6 +1697,8 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1697 } 1697 }
1698 free(otmp); 1698 free(otmp);
1699 } 1699 }
1700 if (n > SSHKEY_CERT_MAX_PRINCIPALS)
1701 fatal("Too many certificate principals specified");
1700 1702
1701 tmp = tilde_expand_filename(argv[i], pw->pw_uid); 1703 tmp = tilde_expand_filename(argv[i], pw->pw_uid);
1702 if ((r = sshkey_load_public(tmp, &public, &comment)) != 0) 1704 if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)