[openssh-commits] [openssh] 02/02: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Nov 17 11:21:15 EST 2014
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 9f9fad0191028edc43d100d0ded39419b6895fdf
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Nov 17 00:21:40 2014 +0000
upstream commit
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
---
krl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/krl.c b/krl.c
index eb31df9..832ac8b 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.c,v 1.17 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.18 2014/11/17 00:21:40 djm Exp $ */
#include "includes.h"
@@ -686,6 +686,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, Buffer *buf, const Key **sign_keys,
/* Store sections for revoked certificates */
TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
+ buffer_clear(§);
if (revoked_certs_generate(rc, §) != 0)
goto out;
buffer_put_char(buf, KRL_SECTION_CERTIFICATES);
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list