diff options
| author | des <des@FreeBSD.org> | 2016-01-19 16:18:26 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2016-01-19 16:18:26 +0000 |
| commit | 14172c52f89fa504003826ed2e4e2c0ac246505d (patch) | |
| tree | bc48bd740145eea64393ed391fc1d972c83f991c /crypto/openssh/krl.c | |
| parent | 456370e53073cd38d0ddc4001283f1c131d1428e (diff) | |
| parent | 64c731d52472fb486558425128009691392e0bef (diff) | |
| download | FreeBSD-src-14172c52f89fa504003826ed2e4e2c0ac246505d.zip FreeBSD-src-14172c52f89fa504003826ed2e4e2c0ac246505d.tar.gz | |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
Diffstat (limited to 'crypto/openssh/krl.c')
| -rw-r--r-- | crypto/openssh/krl.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c index 3b4cded..eb31df9 100644 --- a/crypto/openssh/krl.c +++ b/crypto/openssh/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.14 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: krl.c,v 1.17 2014/06/24 01:13:21 djm Exp $ */ #include "includes.h" @@ -366,7 +366,7 @@ plain_key_blob(const Key *key, u_char **blob, u_int *blen) } r = key_to_blob(kcopy, blob, blen); free(kcopy); - return r == 0 ? -1 : 0; + return r; } /* Revoke a key blob. Ownership of blob is transferred to the tree */ @@ -394,7 +394,7 @@ ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const Key *key) u_int len; debug3("%s: revoke type %s", __func__, key_type(key)); - if (plain_key_blob(key, &blob, &len) != 0) + if (plain_key_blob(key, &blob, &len) < 0) return -1; return revoke_blob(&krl->revoked_keys, blob, len); } @@ -575,6 +575,7 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf) buffer_put_char(buf, state); buffer_put_string(buf, buffer_ptr(§), buffer_len(§)); + buffer_clear(§); } /* If we are starting a new section then prepare it now */ @@ -753,7 +754,8 @@ static int parse_revoked_certs(Buffer *buf, struct ssh_krl *krl) { int ret = -1, nbits; - u_char type, *blob; + u_char type; + const u_char *blob; u_int blen; Buffer subsect; u_int64_t serial, serial_lo, serial_hi; @@ -887,7 +889,8 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, char timestamp[64]; int ret = -1, r, sig_seen; Key *key = NULL, **ca_used = NULL; - u_char type, *blob, *rdata = NULL; + u_char type, *rdata = NULL; + const u_char *blob; u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used; nca_used = 0; @@ -1127,7 +1130,7 @@ is_key_revoked(struct ssh_krl *krl, const Key *key) /* Next, explicit keys */ memset(&rb, 0, sizeof(rb)); - if (plain_key_blob(key, &rb.blob, &rb.len) != 0) + if (plain_key_blob(key, &rb.blob, &rb.len) < 0) return -1; erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); free(rb.blob); |
