ssh-keygen parse_cert_times bugfix

Ed Maste emaste at freebsd.org
Mon Nov 7 01:46:00 AEDT 2022


When Coverity ran on FreeBSD after updating to 9.1 in the base system
it reported an issue in parse_cert_times. Here's the patch from the
FreeBSD commit mail:

---------- Forwarded message ---------
From: Ed Maste <emaste at freebsd.org>
Date: Thu, 3 Nov 2022 at 10:14
Subject: git: 0657b2325df3 - main - ssh: correct parse_cert_times case
for hex "to" time
To: <src-committers at freebsd.org>, <dev-commits-src-all at freebsd.org>,
<dev-commits-src-main at freebsd.org>


The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=0657b2325df3d85967870a928d58b24ffcf3f1ea

commit 0657b2325df3d85967870a928d58b24ffcf3f1ea
Author:     Ed Maste <emaste at FreeBSD.org>
AuthorDate: 2022-11-03 13:44:52 +0000
Commit:     Ed Maste <emaste at FreeBSD.org>
CommitDate: 2022-11-03 14:10:28 +0000

    ssh: correct parse_cert_times case for hex "to" time

    This appeared to be a copy-paste error from the "from" time case above.

    Reported by:    Coverity Scan
    CID:            1500407
    Reviewed by:    markj
    MFC after:      3 days
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D37252
---
 crypto/openssh/ssh-keygen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c
index 9b2beda05f0c..1255957d0e67 100644
--- a/crypto/openssh/ssh-keygen.c
+++ b/crypto/openssh/ssh-keygen.c
@@ -1975,7 +1975,7 @@ parse_cert_times(char *timespec)
                cert_valid_to = parse_relative_time(to, now);
        else if (strcmp(to, "forever") == 0)
                cert_valid_to = ~(u_int64_t)0;
-       else if (strncmp(from, "0x", 2) == 0)
+       else if (strncmp(to, "0x", 2) == 0)
                parse_hex_u64(to, &cert_valid_to);
        else if (parse_absolute_time(to, &cert_valid_to) != 0)
                fatal("Invalid to time \"%s\"", to);


More information about the openssh-unix-dev mailing list