From 0b36c83148976c7c8268f4f41497359e2fb26251 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 29 Dec 2013 17:45:51 +1100 Subject: [PATCH] - djm@cvs.openbsd.org 2013/12/19 01:19:41 [ssh-agent.c] bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com; ok dtucker --- ChangeLog | 5 +++++ ssh-agent.c | 5 ++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index c22c8b4de..604bbbb78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,11 @@ them. Diagnosis and fix by ronf AT timeheart.net + - djm@cvs.openbsd.org 2013/12/19 01:19:41 + [ssh-agent.c] + bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent + that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com; + ok dtucker 20131221 - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. diff --git a/ssh-agent.c b/ssh-agent.c index 8210a8e34..95117e076 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.180 2013/12/06 13:39:49 markus Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.181 2013/12/19 01:19:41 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -660,6 +660,9 @@ process_remove_smartcard_key(SocketEntry *e) tab = idtab_lookup(version); for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { nxt = TAILQ_NEXT(id, next); + /* Skip file--based keys */ + if (id->provider == NULL) + continue; if (!strcmp(provider, id->provider)) { TAILQ_REMOVE(&tab->idlist, id, next); free_identity(id); -- 2.47.3