upstream: avoid use-after-free in update_krl_from_file() found with
authorjsg@openbsd.org <jsg@openbsd.org>
Thu, 25 Sep 2025 12:52:21 +0000 (12:52 +0000)
committerDamien Miller <djm@mindrot.org>
Mon, 29 Sep 2025 03:24:57 +0000 (13:24 +1000)
clang scan-build, ok dtucker@

OpenBSD-Commit-ID: 8ec86eca573740c94d5bc7e252959174555f4eb8

ssh-keygen.c

index 110d07fc150606e5efe3974bf892c43046b29072..d450f3e41f942572800d1c2ee09559f1ce901c21 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.483 2025/09/25 07:04:38 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.484 2025/09/25 12:52:21 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2321,6 +2321,8 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
                            blob, blen)) != 0)
                                fatal_fr(r, "revoke key failed");
                        free(blob);
+                       blob = NULL;
+                       blen = 0;
                } else {
                        if (strncasecmp(cp, "key:", 4) == 0) {
                                cp += 4;
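Review bot: The two assignments added after `free(blob)` have no comment saying which later access they guard, and that access is not in this hunk, so a reader cannot tell from here why they are needed. A short why-comment above them would stop a later cleanup from dropping them as dead stores, for example `/* blob is examined again after this branch; do not leave it dangling */` (wording to be checked against the rest of the loop). If other branches of update_krl_from_file() also release `blob`, they presumably need the same reset of `blob` and `blen`. The function body starts and ends outside the hunk, so this could not be verified here.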