[openssh-commits] [openssh] 03/04: upstream: ssh-keygen -Y check-novalidate requires namespace or SEGV

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit a0b5816f8f1f645acdf74f7bc11b34455ec30bac
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Mar 18 02:31:25 2022 +0000

    upstream: ssh-keygen -Y check-novalidate requires namespace or SEGV
    
    will ensue. Patch from Mateusz Adamowski via GHPR#307
    
    OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd
---
 ssh-keygen.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index d4b7f4dc..34c316d2 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.448 2022/02/01 23:32:51 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.449 2022/03/18 02:31:25 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -3538,6 +3538,12 @@ main(int argc, char **argv)
 			return sig_sign(identity_file, cert_principals,
 			    argc, argv, opts, nopts);
 		} else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
+			if (cert_principals == NULL ||
+			    *cert_principals == '\0') {
+				error("Too few arguments for check-novalidate: "
+				    "missing namespace");
+				exit(1);
+			}
 			if (ca_key_path == NULL) {
 				error("Too few arguments for check-novalidate: "
 				    "missing signature file");

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.