diff options
| author | Simon Tatham <anakin@pobox.com> | 2022-08-29 15:43:07 +0300 |
|---|---|---|
| committer | Simon Tatham <anakin@pobox.com> | 2022-08-30 20:09:39 +0300 |
| commit | c6d7ffda68ee9ec82c4235efa5c6559889ba6d86 (patch) | |
| tree | 1e9ed42f1b487e29122a5de5d33f06e2187529ed /ssh | |
| parent | d2e982efa727544b54628e37916c2497fe72cf21 (diff) | |
Fix crash in GSSAPI key exchange.
Introduced recently by commit 42740a54550476e, in which I decided to
call ssh_key_cache_str() even on certified host keys. But that call
was conditional on s->hkey being non-NULL (which happens in GSS KEX)
as well as on it not being certified, and I managed to absentmindedly
remove _both_ conditions. As a result we got a null-pointer
dereference on any GSS kex.
Diffstat (limited to 'ssh')
| -rw-r--r-- | ssh/kex2-client.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssh/kex2-client.c b/ssh/kex2-client.c index 5935ef29..a437d92e 100644 --- a/ssh/kex2-client.c +++ b/ssh/kex2-client.c @@ -718,7 +718,7 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted) } } - s->keystr = ssh_key_cache_str(s->hkey); + s->keystr = s->hkey ? ssh_key_cache_str(s->hkey) : NULL; #ifndef NO_GSSAPI if (s->gss_kex_used) { /* |