upstream: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a

valid magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is needed
to fall back to text revocation lists in some cases; fixes t-cert-hostkey.

OpenBSD-Commit-ID: 5c670a6c0f027e99b7774ef29f18ba088549c7e1

diff --git a/krl.c b/krl.c
index c53fdd6ed8f8f1584998e9b135a9d42759e007e4..caedb4f12c4851a77804dc7ce1ad9ceb0abe8c3f 100644 (file)
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.57 2023/07/17 04:01:10 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.58 2023/07/17 05:20:15 djm Exp $ */
 
 #include "includes.h"
 
@@ -1056,7 +1056,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp)
        /* KRL must begin with magic string */
        if ((r = sshbuf_cmp(buf, 0, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0) {
                debug2_f("bad KRL magic header");
-               return r;
+               return SSH_ERR_KRL_BAD_MAGIC;
        }
 
        if ((krl = ssh_krl_init()) == NULL) {