[openssh-commits] [openssh] 01/01: upstream: Don't log NULL hostname in restricted agent code,

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Jan 12 15:19:34 AEDT 2022


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 72bcd7993dadaf967bb3d8564ee31cbf38132b5d
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Wed Jan 12 03:30:32 2022 +0000

    upstream: Don't log NULL hostname in restricted agent code,
    
    printf("%s", NULL) is not safe on all platforms.  with & ok djm
    
    OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02
---
 ssh-agent.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ssh-agent.c b/ssh-agent.c
index 8d147bb0..1650f977 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.285 2022/01/01 04:18:06 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.286 2022/01/12 03:30:32 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -263,6 +263,7 @@ match_key_hop(const char *tag, const struct sshkey *key,
     const struct dest_constraint_hop *dch)
 {
 	const char *reason = NULL;
+	const char *hostname = dch->hostname ? dch->hostname : "(ORIGIN)";
 	u_int i;
 	char *fp;
 
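Review bot: The new `hostname` local declared at the top of match_key_hop() has no comment saying that "(ORIGIN)" is a display placeholder for a NULL dch->hostname, and its generic name invites use outside logging. A one-line comment on the declaration, or a name that marks it as log-only, would make clear that it is not a real hostname value.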
@@ -273,7 +274,7 @@ match_key_hop(const char *tag, const struct sshkey *key,
 	    SSH_FP_DEFAULT)) == NULL)
 		fatal_f("fingerprint failed");
 	debug3_f("%s: entering hostname %s, requested key %s %s, %u keys avail",
-	    tag, dch->hostname, sshkey_type(key), fp, dch->nkeys);
+	    tag, hostname, sshkey_type(key), fp, dch->nkeys);
 	free(fp);
 	for (i = 0; i < dch->nkeys; i++) {
 		if (dch->keys[i] == NULL)
@@ -300,10 +301,10 @@ match_key_hop(const char *tag, const struct sshkey *key,
 			return -1; /* shouldn't happen */
 		if (!sshkey_equal(key->cert->signature_key, dch->keys[i]))
 			continue;
-		if (sshkey_cert_check_host(key, dch->hostname, 1,
+		if (sshkey_cert_check_host(key, hostname, 1,
 		    SSH_ALLOWED_CA_SIGALGS, &reason) != 0) {
 			debug_f("cert %s / hostname %s rejected: %s",
-			    key->cert->key_id, dch->hostname, reason);
+			    key->cert->key_id, hostname, reason);
 			continue;
 		}
 		return 0;
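Review bot: The sshkey_cert_check_host() call now takes `hostname` instead of `dch->hostname`, so when dch->hostname is NULL the certificate check runs against the literal string "(ORIGIN)" rather than NULL. The commit message describes a logging fix only, and nothing in this hunk explains why the argument to the check should change. Consider keeping `dch->hostname` in the call (handling NULL explicitly before it if that is needed) and using the placeholder only in the debug_f() line; if the substitution in the check is intended, the commit message should say so.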
