Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 26 May 2026 19:28:04 +0000
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Cc:        djm@openbsd.org <djm@openbsd.org>
Subject:   git: 77fd9e0ceabc - main - upstream: fix hard-to-reach NULL deref during pubkey auth
Message-ID:  <6a15f444.46db1.3233e9a6@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=77fd9e0ceabcfa99894b3e70f60013c157115ca0

commit 77fd9e0ceabcfa99894b3e70f60013c157115ca0
Author:     djm@openbsd.org <djm@openbsd.org>
AuthorDate: 2026-05-13 05:11:02 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2026-05-26 19:27:45 +0000

    upstream: fix hard-to-reach NULL deref during pubkey auth
    
    To hit this, the user must be using a PEM style private key with no
    corresponding .pub key adjacent to it.
    
    OpenBSD-Commit-ID: b7150acc5322fa33f21491834d9471fbe3d30f20
    (cherry picked from commit cf6c0b3b94cdc223f1b8be1ef2d93e993af5d976)
    
    Reviewed by:    emaste
---
 crypto/openssh/sshconnect2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c
index 478a9a52fd38..5a48c73edbef 100644
--- a/crypto/openssh/sshconnect2.c
+++ b/crypto/openssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.385 2026/04/02 07:48:13 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.386 2026/05/13 05:11:02 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1277,7 +1277,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
 	 * PKCS#11 tokens may not support all signature algorithms,
 	 * so check what we get back.
 	 */
-	if ((id->key->flags & SSHKEY_FLAG_EXT) != 0 &&
+	if (id->key != NULL && (id->key->flags & SSHKEY_FLAG_EXT) != 0 &&
 	    (r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) {
 		debug_fr(r, "sshkey_check_sigtype");
 		goto out;
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a15f444.46db1.3233e9a6>