From 05c08e5f628de3ecf6f7ea20947735bcfa3201e0 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 17 Jul 2023 05:20:15 +0000 Subject: [PATCH] upstream: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is needed to fall back to text revocation lists in some cases; fixes t-cert-hostkey. OpenBSD-Commit-ID: 5c670a6c0f027e99b7774ef29f18ba088549c7e1 --- krl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krl.c b/krl.c index c53fdd6ed..caedb4f12 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.57 2023/07/17 04:01:10 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.58 2023/07/17 05:20:15 djm Exp $ */ #include "includes.h" @@ -1056,7 +1056,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp) /* KRL must begin with magic string */ if ((r = sshbuf_cmp(buf, 0, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0) { debug2_f("bad KRL magic header"); - return r; + return SSH_ERR_KRL_BAD_MAGIC; } if ((krl = ssh_krl_init()) == NULL) {