5 files changed, 42 insertions, 3 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 9ddb5b008..39a4a89ba 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-a0f9daa9c3cc2b37b9707b228263eb717d201371
+35b2ea77a74348b575d680061f35ec7992b26ec8
-a0f9daa9c3cc2b37b9707b228263eb717d201371
+35b2ea77a74348b575d680061f35ec7992b26ec8
 971a7653746a6972b907dfe0ce139c06e4a6f482
 971a7653746a6972b907dfe0ce139c06e4a6f482
 openssh_7.4p1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 6d6a0f817..1b4a2d1f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:7.4p1-9) UNRELEASED; urgency=medium
+  * Fix null pointer dereference in ssh-keygen; this fixes an autopkgtest
+    regression introduced in 1:7.4p1-8.
+ -- Colin Watson <cjwatson@debian.org>  Thu, 16 Mar 2017 13:42:24 +0000
 openssh (1:7.4p1-8) unstable; urgency=medium
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
diff --git a/debian/patches/series b/debian/patches/series
index 2d9d2bc12..32f913e89 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -32,3 +32,4 @@ no-dsa-host-key-by-default.patch
 restore-authorized_keys2.patch
 ssh-keygen-hash-corruption.patch
 ssh-keyscan-hash-port.patch
+ssh-keygen-null-deref.patch
diff --git a/debian/patches/ssh-keygen-null-deref.patch b/debian/patches/ssh-keygen-null-deref.patch
new file mode 100644
index 000000000..0220d7c66
--- /dev/null
+++ b/debian/patches/ssh-keygen-null-deref.patch
@@ -0,0 +1,31 @@
+From 35b2ea77a74348b575d680061f35ec7992b26ec8 Mon Sep 17 00:00:00 2001
+From: "dtucker@openbsd.org" <dtucker@openbsd.org>
+Date: Mon, 6 Mar 2017 02:03:20 +0000
+Subject: upstream commit
+Check l->hosts before dereferencing; fixes potential null
+pointer deref. ok djm@
+Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
+Origin: https://anongit.mindrot.org/openssh.git/commit/?id=18501151cf272a15b5f2c5e777f2e0933633c513
+Last-Update: 2017-03-16
+Patch-Name: ssh-keygen-null-deref.patch
+---
+ ssh-keygen.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index 0833ee61..a7c1e80b 100644
+--- a/ssh-keygen.c
+++ b/ssh-keygen.c
+@@ -1082,7 +1082,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
+        struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
+        char *hashed, *cp, *hosts, *ohosts;
+        int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
+-       int was_hashed = l->hosts[0] == HASH_DELIM;
+       int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
+ 
+        switch (l->status) {
+        case HKF_STATUS_OK:
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 0833ee61d..a7c1e80b9 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1082,7 +1082,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
        struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
        char *hashed, *cp, *hosts, *ohosts;
        int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
-        int was_hashed = l->hosts[0] == HASH_DELIM;
+        int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
        switch (l->status) {
        case HKF_STATUS_OK:

diff --git a/debian/.git-dpm b/debian/.git-dpm index 9ddb5b008..39a4a89ba 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
1	# see git-dpm(1) from git-dpm package	1	# see git-dpm(1) from git-dpm package
2	a0f9daa9c3cc2b37b9707b228263eb717d201371	2	35b2ea77a74348b575d680061f35ec7992b26ec8
3	a0f9daa9c3cc2b37b9707b228263eb717d201371	3	35b2ea77a74348b575d680061f35ec7992b26ec8
4	971a7653746a6972b907dfe0ce139c06e4a6f482	4	971a7653746a6972b907dfe0ce139c06e4a6f482
5	971a7653746a6972b907dfe0ce139c06e4a6f482	5	971a7653746a6972b907dfe0ce139c06e4a6f482
6	openssh_7.4p1.orig.tar.gz	6	openssh_7.4p1.orig.tar.gz


diff --git a/debian/changelog b/debian/changelog index 6d6a0f817..1b4a2d1f8 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,3 +1,10 @@
		1	openssh (1:7.4p1-9) UNRELEASED; urgency=medium
		2
		3	* Fix null pointer dereference in ssh-keygen; this fixes an autopkgtest
		4	regression introduced in 1:7.4p1-8.
		5
		6	-- Colin Watson <cjwatson@debian.org> Thu, 16 Mar 2017 13:42:24 +0000
		7
1	openssh (1:7.4p1-8) unstable; urgency=medium	8	openssh (1:7.4p1-8) unstable; urgency=medium
2		9
3	* Fix ssh-keygen -H accidentally corrupting known_hosts that contained	10	* Fix ssh-keygen -H accidentally corrupting known_hosts that contained


diff --git a/debian/patches/series b/debian/patches/series index 2d9d2bc12..32f913e89 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -32,3 +32,4 @@ no-dsa-host-key-by-default.patch
32	restore-authorized_keys2.patch	32	restore-authorized_keys2.patch
33	ssh-keygen-hash-corruption.patch	33	ssh-keygen-hash-corruption.patch
34	ssh-keyscan-hash-port.patch	34	ssh-keyscan-hash-port.patch
		35	ssh-keygen-null-deref.patch


diff --git a/debian/patches/ssh-keygen-null-deref.patch b/debian/patches/ssh-keygen-null-deref.patch new file mode 100644 index 000000000..0220d7c66 --- /dev/null +++ b/debian/patches/ssh-keygen-null-deref.patch
@@ -0,0 +1,31 @@
		1	From 35b2ea77a74348b575d680061f35ec7992b26ec8 Mon Sep 17 00:00:00 2001
		2	From: "dtucker@openbsd.org" <dtucker@openbsd.org>
		3	Date: Mon, 6 Mar 2017 02:03:20 +0000
		4	Subject: upstream commit
		5
		6	Check l->hosts before dereferencing; fixes potential null
		7	pointer deref. ok djm@
		8
		9	Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
		10
		11	Origin: https://anongit.mindrot.org/openssh.git/commit/?id=18501151cf272a15b5f2c5e777f2e0933633c513
		12	Last-Update: 2017-03-16
		13
		14	Patch-Name: ssh-keygen-null-deref.patch
		15	---
		16	ssh-keygen.c \| 2 +-
		17	1 file changed, 1 insertion(+), 1 deletion(-)
		18
		19	diff --git a/ssh-keygen.c b/ssh-keygen.c
		20	index 0833ee61..a7c1e80b 100644
		21	--- a/ssh-keygen.c
		22	+++ b/ssh-keygen.c
		23	@@ -1082,7 +1082,7 @@ known_hosts_hash(struct hostkey_foreach_line l, void _ctx)
		24	struct known_hosts_ctx ctx = (struct known_hosts_ctx )_ctx;
		25	char hashed, cp, hosts, ohosts;
		26	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
		27	- int was_hashed = l->hosts[0] == HASH_DELIM;
		28	+ int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
		29
		30	switch (l->status) {
		31	case HKF_STATUS_OK:


diff --git a/ssh-keygen.c b/ssh-keygen.c index 0833ee61d..a7c1e80b9 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1082,7 +1082,7 @@ known_hosts_hash(struct hostkey_foreach_line l, void _ctx)
1082	struct known_hosts_ctx ctx = (struct known_hosts_ctx )_ctx;	1082	struct known_hosts_ctx ctx = (struct known_hosts_ctx )_ctx;
1083	char hashed, cp, hosts, ohosts;	1083	char hashed, cp, hosts, ohosts;
1084	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);	1084	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
1085	int was_hashed = l->hosts[0] == HASH_DELIM;	1085	int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
1086		1086
1087	switch (l->status) {	1087	switch (l->status) {
1088	case HKF_STATUS_OK:	1088	case HKF_STATUS_OK: