ssh-keygen parse_cert_times bugfix
Ed Maste
emaste at freebsd.org
Mon Nov 7 01:46:00 AEDT 2022
When Coverity ran on FreeBSD after updating to 9.1 in the base system
it reported an issue in parse_cert_times. Here's the patch from the
FreeBSD commit mail:
---------- Forwarded message ---------
From: Ed Maste <emaste at freebsd.org>
Date: Thu, 3 Nov 2022 at 10:14
Subject: git: 0657b2325df3 - main - ssh: correct parse_cert_times case
for hex "to" time
To: <src-committers at freebsd.org>, <dev-commits-src-all at freebsd.org>,
<dev-commits-src-main at freebsd.org>
The branch main has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=0657b2325df3d85967870a928d58b24ffcf3f1ea
commit 0657b2325df3d85967870a928d58b24ffcf3f1ea
Author: Ed Maste <emaste at FreeBSD.org>
AuthorDate: 2022-11-03 13:44:52 +0000
Commit: Ed Maste <emaste at FreeBSD.org>
CommitDate: 2022-11-03 14:10:28 +0000
ssh: correct parse_cert_times case for hex "to" time
This appeared to be a copy-paste error from the "from" time case above.
Reported by: Coverity Scan
CID: 1500407
Reviewed by: markj
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37252
---
crypto/openssh/ssh-keygen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c
index 9b2beda05f0c..1255957d0e67 100644
--- a/crypto/openssh/ssh-keygen.c
+++ b/crypto/openssh/ssh-keygen.c
@@ -1975,7 +1975,7 @@ parse_cert_times(char *timespec)
cert_valid_to = parse_relative_time(to, now);
else if (strcmp(to, "forever") == 0)
cert_valid_to = ~(u_int64_t)0;
- else if (strncmp(from, "0x", 2) == 0)
+ else if (strncmp(to, "0x", 2) == 0)
parse_hex_u64(to, &cert_valid_to);
else if (parse_absolute_time(to, &cert_valid_to) != 0)
fatal("Invalid to time \"%s\"", to);
More information about the openssh-unix-dev
mailing list