authordtucker@openbsd.org <dtucker@openbsd.org>2022-01-12 03:30:32 +0000
committerDarren Tucker <dtucker@dtucker.net>2022-01-12 15:19:21 +1100
commit72bcd7993dadaf967bb3d8564ee31cbf38132b5d (patch)
treee9302c667b88a362bebd5f6ba1f44df762ac45ed /ssh-agent.c
parentacabefe3f8fb58c867c99fed9bbf84dfa1771727 (diff)
upstream: Don't log NULL hostname in restricted agent code,
printf("%s", NULL) is not safe on all platforms. with & ok djm OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02
Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index 8d147bb0..1650f977 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.285 2022/01/01 04:18:06 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.286 2022/01/12 03:30:32 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -263,6 +263,7 @@ match_key_hop(const char *tag, const struct sshkey *key,
const struct dest_constraint_hop *dch)
{
const char *reason = NULL;
+ const char *hostname = dch->hostname ? dch->hostname : "(ORIGIN)";
u_int i;
char *fp;
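Review bot: The `hostname` fallback added here reads as a display-only placeholder, but the last hunk also passes it to `sshkey_cert_check_host()`, so when `dch->hostname` is NULL the certificate check now receives the literal `"(ORIGIN)"` instead of NULL. The commit message describes only a logging fix, and how `sshkey_cert_check_host()` treats a NULL host is not visible on this page, so the effect on the match result for destination-constrained keys should be confirmed. If the substitution is meant for logging only, keep `dch->hostname` in the check call and rename the local to something like `log_hostname`; if it is intended, a comment such as `/* NULL hostname denotes the origin; "(ORIGIN)" is used for logging and for the cert principal check */` would record that. The body of match_key_hop continues outside this hunk.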
@@ -273,7 +274,7 @@ match_key_hop(const char *tag, const struct sshkey *key,
SSH_FP_DEFAULT)) == NULL)
fatal_f("fingerprint failed");
debug3_f("%s: entering hostname %s, requested key %s %s, %u keys avail",
- tag, dch->hostname, sshkey_type(key), fp, dch->nkeys);
+ tag, hostname, sshkey_type(key), fp, dch->nkeys);
free(fp);
for (i = 0; i < dch->nkeys; i++) {
if (dch->keys[i] == NULL)
@@ -300,10 +301,10 @@ match_key_hop(const char *tag, const struct sshkey *key,
return -1; /* shouldn't happen */
if (!sshkey_equal(key->cert->signature_key, dch->keys[i]))
continue;
- if (sshkey_cert_check_host(key, dch->hostname, 1,
+ if (sshkey_cert_check_host(key, hostname, 1,
SSH_ALLOWED_CA_SIGALGS, &reason) != 0) {
debug_f("cert %s / hostname %s rejected: %s",
- key->cert->key_id, dch->hostname, reason);
+ key->cert->key_id, hostname, reason);
continue;
}
return 0;
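Review bot: `reason` is still passed to `%s` in the `debug_f("cert %s / hostname %s rejected: %s", ...)` call although it is initialised to NULL at the top of the function, which is the same class of problem this commit fixes for the hostname. Whether `sshkey_cert_check_host()` sets `*reason` on every failure path cannot be seen from the hunk; writing the argument as `reason ? reason : "(unknown)"` would make the log call safe regardless. The function begins and ends outside this hunk.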