null pointer dereference in krl.c?

Damien Miller djm at mindrot.org
Sun Jan 27 20:56:01 EST 2013


On Sun, 27 Jan 2013, Xi Wang wrote:

> Hi,
> 
> In ssh_krl_from_blob(), krl.c:984,
> 
>   /* Record keys used to sign the KRL */
>   xrealloc(ca_used, nca_used + 1, sizeof(*ca_used));
>   ca_used[nca_used++] = key;
> 
> The result of `xrealloc' is never assigned to `ca_used', which remains
> a null pointer.  Will ca_used[...] crash?  Did I miss anything?

Yes, I'll commit a fix.

-d
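
The pattern reported above, shown with the reallocated pointer assigned before it is indexed. This is an added example, not part of the original thread and not OpenSSH's code. `xrealloc_sketch`, `signer_list` and `signer_list_add` are hypothetical names, and the three-argument allocator only mirrors the call shape in the quoted snippet.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a three-argument xrealloc(ptr, nmemb, size);
 * not OpenSSH's implementation. warn_unused_result (GCC/Clang) makes the
 * compiler flag any call whose return value is discarded. */
__attribute__((warn_unused_result))
static void *xrealloc_sketch(void *ptr, size_t nmemb, size_t size)
{
	void *p;

	/* Refuse zero-sized requests and nmemb * size overflow. */
	if (nmemb == 0 || size == 0 || nmemb > SIZE_MAX / size) {
		fprintf(stderr, "xrealloc_sketch: bad size\n");
		abort();
	}
	if ((p = realloc(ptr, nmemb * size)) == NULL) {
		fprintf(stderr, "xrealloc_sketch: out of memory\n");
		abort();
	}
	return p;
}

struct signer_list {
	const void **keys;	/* starts NULL, like ca_used in the report */
	size_t nkeys;
};

/* Append one key; the reallocated pointer is stored before it is indexed. */
static size_t signer_list_add(struct signer_list *l, const void *key)
{
	l->keys = xrealloc_sketch(l->keys, l->nkeys + 1, sizeof(*l->keys));
	l->keys[l->nkeys++] = key;
	return l->nkeys;
}

int main(void)
{
	struct signer_list l = { NULL, 0 };
	int k1 = 1, k2 = 2;	/* constructed placeholders for key objects */

	signer_list_add(&l, &k1);
	signer_list_add(&l, &k2);
	printf("%zu signers recorded\n", l.nkeys);
	free(l.keys);
	return 0;
}
```

With the attribute in place, a call written like the one in the report (return value dropped) produces a compiler warning under GCC and Clang.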

