upstream: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a

valid magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is needed
to fall back to text revocation lists in some cases; fixes t-cert-hostkey.

OpenBSD-Commit-ID: 5c670a6c0f027e99b7774ef29f18ba088549c7e1
This commit is contained in:
djm@openbsd.org 2023-07-17 05:20:15 +00:00 committed by Damien Miller
parent c6fad2c3d1
commit 05c08e5f62
No known key found for this signature in database
1 changed files with 2 additions and 2 deletions

4
krl.c
View File

@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $OpenBSD: krl.c,v 1.57 2023/07/17 04:01:10 djm Exp $ */ /* $OpenBSD: krl.c,v 1.58 2023/07/17 05:20:15 djm Exp $ */
#include "includes.h" #include "includes.h"
@ -1056,7 +1056,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp)
/* KRL must begin with magic string */ /* KRL must begin with magic string */
if ((r = sshbuf_cmp(buf, 0, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0) { if ((r = sshbuf_cmp(buf, 0, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0) {
debug2_f("bad KRL magic header"); debug2_f("bad KRL magic header");
return r; return SSH_ERR_KRL_BAD_MAGIC;
} }
if ((krl = ssh_krl_init()) == NULL) { if ((krl = ssh_krl_init()) == NULL) {