2 files changed, 10 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 0c018c29e..870f0cc8b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,7 +5,9 @@
     fix username passed to helper program
     prepare stdio fds before closefrom()
     spotted by landry@
+   - djm@cvs.openbsd.org 2012/11/14 02:32:15
+     [ssh-keygen.c]
+     allow the full range of unsigned serial numbers; 'fine' deraadt@
 20121107
 - (djm) OpenBSD CVS Sync
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 11d1dd02b..2d8af679c 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.218 2012/10/02 07:07:45 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.219 2012/11/14 02:32:15 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1937,7 +1937,7 @@ main(int argc, char **argv)
 {
        char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
        char *checkpoint = NULL;
-        char out_file[MAXPATHLEN], *rr_hostname = NULL;
+        char out_file[MAXPATHLEN], *rr_hostname = NULL, *ep;
        Key *private, *public;
        struct passwd *pw;
        struct stat st;
@@ -2145,9 +2145,11 @@ main(int argc, char **argv)
                        parse_cert_times(optarg);
                        break;
                case 'z':
-                        cert_serial = strtonum(optarg, 0, LLONG_MAX, &errstr);
+                        errno = 0;
-                        if (errstr)
+                        cert_serial = strtoull(optarg, &ep, 10);
-                                fatal("Invalid serial number: %s", errstr);
+                        if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
+                            (errno == ERANGE && cert_serial == ULLONG_MAX))
+                                fatal("Invalid serial number \"%s\"", optarg);
                        break;
                case '?':
                default:

diff --git a/ChangeLog b/ChangeLog index 0c018c29e..870f0cc8b 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -5,7 +5,9 @@
5	fix username passed to helper program	5	fix username passed to helper program
6	prepare stdio fds before closefrom()	6	prepare stdio fds before closefrom()
7	spotted by landry@	7	spotted by landry@
8		8	- djm@cvs.openbsd.org 2012/11/14 02:32:15
		9	[ssh-keygen.c]
		10	allow the full range of unsigned serial numbers; 'fine' deraadt@
9		11
10	20121107	12	20121107
11	- (djm) OpenBSD CVS Sync	13	- (djm) OpenBSD CVS Sync


diff --git a/ssh-keygen.c b/ssh-keygen.c index 11d1dd02b..2d8af679c 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keygen.c,v 1.218 2012/10/02 07:07:45 djm Exp $ */	1	/* $OpenBSD: ssh-keygen.c,v 1.219 2012/11/14 02:32:15 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1937,7 +1937,7 @@ main(int argc, char **argv)
1937	{	1937	{
1938	char dotsshdir[MAXPATHLEN], comment[1024], passphrase1, passphrase2;	1938	char dotsshdir[MAXPATHLEN], comment[1024], passphrase1, passphrase2;
1939	char *checkpoint = NULL;	1939	char *checkpoint = NULL;
1940	char out_file[MAXPATHLEN], *rr_hostname = NULL;	1940	char out_file[MAXPATHLEN], rr_hostname = NULL, ep;
1941	Key private, public;	1941	Key private, public;
1942	struct passwd *pw;	1942	struct passwd *pw;
1943	struct stat st;	1943	struct stat st;
@@ -2145,9 +2145,11 @@ main(int argc, char **argv)
2145	parse_cert_times(optarg);	2145	parse_cert_times(optarg);
2146	break;	2146	break;
2147	case 'z':	2147	case 'z':
2148	cert_serial = strtonum(optarg, 0, LLONG_MAX, &errstr);	2148	errno = 0;
2149	if (errstr)	2149	cert_serial = strtoull(optarg, &ep, 10);
2150	fatal("Invalid serial number: %s", errstr);	2150	if (optarg < '0' \|\| optarg > '9' \|\| *ep != '\0' \|\|
		2151	(errno == ERANGE && cert_serial == ULLONG_MAX))
		2152	fatal("Invalid serial number \"%s\"", optarg);
2151	break;	2153	break;
2152	case '?':	2154	case '?':
2153	default:	2155	default: