upstream: ssh-keygen -Y check-novalidate requires namespace or SEGV

author djm@openbsd.org <djm@openbsd.org>

Fri, 18 Mar 2022 02:31:25 +0000 (02:31 +0000)

committer Damien Miller <djm@mindrot.org>

Fri, 18 Mar 2022 02:33:36 +0000 (13:33 +1100)
author djm@openbsd.org <djm@openbsd.org>
Fri, 18 Mar 2022 02:31:25 +0000 (02:31 +0000)
committer Damien Miller <djm@mindrot.org>
Fri, 18 Mar 2022 02:33:36 +0000 (13:33 +1100)
diff --git a/ssh-keygen.c b/ssh-keygen.c

index d4b7f4dcf800510fae48586ff678ac3e2faafaee..34c316d256e4e5bb0ccf162817bc25729478187b 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.448 2022/02/01 23:32:51 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.449 2022/03/18 02:31:25 djm Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3538,6 +3538,12 @@ main(int argc, char **argv)
                         return sig_sign(identity_file, cert_principals,
                             argc, argv, opts, nopts);
                 } else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
+                       if (cert_principals == NULL ||
+                           *cert_principals == '\0') {
+                               error("Too few arguments for check-novalidate: "
+                                   "missing namespace");
+                               exit(1);
+                       }
                         if (ca_key_path == NULL) {
                                 error("Too few arguments for check-novalidate: "
                                     "missing signature file");
author	djm@openbsd.org <djm@openbsd.org>
	Fri, 18 Mar 2022 02:31:25 +0000 (02:31 +0000)
committer	Damien Miller <djm@mindrot.org>
	Fri, 18 Mar 2022 02:33:36 +0000 (13:33 +1100)