From nobody Tue May 26 19:28:04 2026 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gQ2pd5x53z6gKqm for ; Tue, 26 May 2026 19:28:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gQ2pd482vz3bjp for ; Tue, 26 May 2026 19:28:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779823689; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bFdeiqU9Tnt45F9jBtvjvmb28axYKHPqj5ZishGbHAA=; b=q7cBHyX/C0m5azMLZCdvRF/otoRXYgXZbIG9ZSVDc5FBLq3JIJ16w/jkSSpUreJwTIq583 i42O4YHgXpxHVHO7H57V5N68cJ+Hm2kl5JXbhWoJyii2PP/mQsDsm9E3ChmBNECHbx+U5+ 3U4B87B4F0lZiNqj1IJqadTO50ib3Lpjp9M8Gh4+gnLP+sxFZpquCqBxbuVxq50+P9BkAQ WFYYUgSUdWXAGAibEdCrxiMbgB2vKGoLqP03tTGwBmI/5y3k+vfCsdtDjFyl5T+vGemvsj 86VG23eMaZPNHnkEhiC3znXRPjsfZ240h0LggEq1Cddv3KFJJQHwwjQGjr062Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1779823689; a=rsa-sha256; cv=none; b=r83YU2UkqBDm4hpHhn6AyU0ly4lxyoeAwzHLr6fgjEokY09y1DvA5BWGbm4GrXf9wY51ks FpEftBZQyGluwSsVNUltNdEgRtihohSs/iwCkvwUXLCo2xljymgIijFDcqo2mYIlDDRK0m SuYg7n8YcXCvEWuDNAwk3MgyifgJ40RmxOWCR4iblR2vgNeAgtDPXMquOdavibtCRzV6BP B5kB2LURN7V1k/FfnIt9Cj6k0V/jzy8VZ1jiQbblaL8jqR15K0Yn5fP0fP14of9h9KEMHi hCO9ipjRL/wpIMxUqlvADAsfyIEY0w6cOhTixs9o87Tas8YlbEfcZ1unS9pO3w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779823689; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bFdeiqU9Tnt45F9jBtvjvmb28axYKHPqj5ZishGbHAA=; b=eI6u4D3niwz7ojtH0kvNhA1NubRZX2iw2FCY0L77Rs2BP1Z5ApFKkcpRuADUzffUlU67OQ jiI/AS2z9/tfUnhXqypMEzZ9PF17fZ+0U9jw8FPkNYlRQPqKaY+RurRepeFat9KqKjpb4M Gnr9jspWGm4Y4pQ08q+90QnX0Te3A5ulQQdgVnIaWZJG3Ba7YDZHG9rwXQP2+VOqOgJ1dl g+e2R0ddqwdyM0Cve4N0oPzCQr3mR3AGKP8X6PUEhUj8UYUeaW0h8NR7R1nzSMgBSLOde6 PhXDw/VrKIp+lvUVDOGujk/BIAuSXSSc0mx5f4IQs4rz5skYxnySnEFkreFxSg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gQ2pd3BVfz9br for ; Tue, 26 May 2026 19:28:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 46db1 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 26 May 2026 19:28:04 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Cc: djm@openbsd.org From: Gleb Smirnoff Subject: git: 77fd9e0ceabc - main - upstream: fix hard-to-reach NULL deref during pubkey auth List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 77fd9e0ceabcfa99894b3e70f60013c157115ca0 Auto-Submitted: auto-generated Date: Tue, 26 May 2026 19:28:04 +0000 Message-Id: <6a15f444.46db1.3233e9a6@gitrepo.freebsd.org> The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=77fd9e0ceabcfa99894b3e70f60013c157115ca0 commit 77fd9e0ceabcfa99894b3e70f60013c157115ca0 Author: djm@openbsd.org AuthorDate: 2026-05-13 05:11:02 +0000 Commit: Gleb Smirnoff CommitDate: 2026-05-26 19:27:45 +0000 upstream: fix hard-to-reach NULL deref during pubkey auth To hit this, the user must be using a PEM style private key with no corresponding .pub key adjacent to it. OpenBSD-Commit-ID: b7150acc5322fa33f21491834d9471fbe3d30f20 (cherry picked from commit cf6c0b3b94cdc223f1b8be1ef2d93e993af5d976) Reviewed by: emaste --- crypto/openssh/sshconnect2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 478a9a52fd38..5a48c73edbef 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.385 2026/04/02 07:48:13 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.386 2026/05/13 05:11:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1277,7 +1277,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, * PKCS#11 tokens may not support all signature algorithms, * so check what we get back. */ - if ((id->key->flags & SSHKEY_FLAG_EXT) != 0 && + if (id->key != NULL && (id->key->flags & SSHKEY_FLAG_EXT) != 0 && (r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) { debug_fr(r, "sshkey_check_sigtype"); goto out;