From: djm@openbsd.org <djm@openbsd.org>
Date: Mon, 17 Jul 2023 05:20:15 +0000 (+0000)
Subject: upstream: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a
X-Git-Tag: V_9_4_P1~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=05c08e5f628de3ecf6f7ea20947735bcfa3201e0;p=thirdparty%2Fopenssh-portable.git

upstream: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a

valid magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is needed
to fall back to text revocation lists in some cases; fixes t-cert-hostkey.

OpenBSD-Commit-ID: 5c670a6c0f027e99b7774ef29f18ba088549c7e1
---

diff --git a/krl.c b/krl.c
index c53fdd6ed..caedb4f12 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.57 2023/07/17 04:01:10 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.58 2023/07/17 05:20:15 djm Exp $ */
 
 #include "includes.h"
 
@@ -1056,7 +1056,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp)
 	/* KRL must begin with magic string */
 	if ((r = sshbuf_cmp(buf, 0, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0) {
 		debug2_f("bad KRL magic header");
-		return r;
+		return SSH_ERR_KRL_BAD_MAGIC;
 	}
 
 	if ((krl = ssh_krl_init()) == NULL) {