[openssh-commits] [openssh] 01/02: upstream: avoid NULL deref via ssh-keygen -Y find-principals.

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 6d4fc51adb9d8a42f67b5474f02f877422379de6
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Mar 30 04:27:51 2022 +0000

    upstream: avoid NULL deref via ssh-keygen -Y find-principals.
    
    bz3409, reported by Mateusz Adamowski
    
    OpenBSD-Commit-ID: a3b2c02438052ee858e0ee18e5a288586b5df2c5
---
 sshsig.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/sshsig.c b/sshsig.c
index 77361346..1e3b6398 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshsig.c,v 1.28 2022/02/01 23:34:47 djm Exp $ */
+/* $OpenBSD: sshsig.c,v 1.29 2022/03/30 04:27:51 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -739,7 +739,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line,
 		return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */
 
 	/* format: identity[,identity...] [option[,option...]] key */
-	if ((tmp = strdelimw(&cp)) == NULL) {
+	if ((tmp = strdelimw(&cp)) == NULL || cp == NULL) {
 		error("%s:%lu: invalid line", path, linenum);
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
@@ -777,6 +777,11 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line,
 			r = SSH_ERR_INVALID_FORMAT;
 			goto out;
 		}
+		if (cp == NULL || *cp == '\0') {
+			error("%s:%lu: missing key", path, linenum);
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
 		*cp++ = '\0';
 		skip_space(&cp);
 		if (sshkey_read(key, &cp) != 0) {

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.