null pointer dereference in krl.c?

Xi Wang at
Sun Jan 27 20:49:10 EST 2013


In ssh_krl_from_blob(), krl.c:984,

  /* Record keys used to sign the KRL */
  xrealloc(ca_used, nca_used + 1, sizeof(*ca_used));
  ca_used[nca_used++] = key;

The result of `xrealloc' is never assigned to `ca_used', which remains
a null pointer.  Will ca_used[...] crash?.  Did I miss anything?


- xi

More information about the openssh-unix-dev mailing list