upstream: NULL deref when using find-principals when matching an

allowed_signers line that contains a namespace restriction, but no restriction specified on the command-line; report and fix from Fabian Stelzer OpenBSD-Commit-ID: 4a201b86afb668c908d1a559c6af456a61f4b145
2022-01-05 04:02:42 +00:00 · 2022-01-05 04:02:42 +00:00 · eb1f042142
parent 8f3b180305
commit eb1f042142
1 changed files with 2 additions and 2 deletions
--- a/sshsig.c
+++ b/sshsig.c
@ -1,4 +1,4 @@
-/* $OpenBSD: sshsig.c,v 1.26 2021/11/28 07:21:26 djm Exp $ */
+/* $OpenBSD: sshsig.c,v 1.27 2022/01/05 04:02:42 djm Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@ -921,7 +921,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line,
 	}

 	/* Check whether options preclude the use of this key */
-	if (sigopts->namespaces != NULL &&
+	if (sigopts->namespaces != NULL && sig_namespace != NULL &&
 	    match_pattern_list(sig_namespace, sigopts->namespaces, 0) != 1) {
 		error("%s:%lu: key is not permitted for use in signature "
 		    "namespace \"%s\"", path, linenum, sig_namespace);