upstream: fatal out if allocating banner string fails to avoid

potential null deref later in sscanf.  Spotted by Coverity, ok deraadt@

OpenBSD-Commit-ID: 74e8d228ac00552e96e9e968dfcccf8dd1f46ad5

diff --git a/kex.c b/kex.c
index 7731ca9004fc8383d51d73dd80a1cff2ceae46dc..fce848fda5288fe8e95f35c6b94536f875360d1e 100644 (file)
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.174 2023/02/17 04:22:50 dtucker Exp $ */
+/* $OpenBSD: kex.c,v 1.175 2023/02/28 21:31:50 dtucker Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -1345,7 +1345,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
        }
        peer_version_string = sshbuf_dup_string(peer_version);
        if (peer_version_string == NULL)
-               error_f("sshbuf_dup_string failed");
+               fatal_f("sshbuf_dup_string failed");
        /* XXX must be same size for sscanf */
        if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) {
                error_f("calloc failed");