upstream: prevent leak in sshsig_match_principals; ok djm@

OpenBSD-Commit-ID: 594f61ad4819ff5c72dfe99ba666a17f0e1030ae
author: markus@openbsd.org <markus@openbsd.org> 2023-12-08 10:18:39 +0100
committer: Damien Miller <djm@mindrot.org> 2023-12-13 04:33:50 +0100
commit: 4086bd6652c0badccc020218a62190a7798fb72c (patch)
tree: ce20485e15c6e43ee1487f6aac75a29a3c48a7b1 /sshsig.c
parent: upstream: short circuit debug log processing early if we're not going (diff)
download: openssh-4086bd6652c0badccc020218a62190a7798fb72c.tar.xz
openssh-4086bd6652c0badccc020218a62190a7798fb72c.zip
1 files changed, 3 insertions, 4 deletions
diff --git a/sshsig.c b/sshsig.c
index d219db90e..d50d65fe2 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshsig.c,v 1.33 2023/09/06 23:18:15 djm Exp $ */
+/* $OpenBSD: sshsig.c,v 1.34 2023/12/08 09:18:39 markus Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -1121,12 +1121,11 @@ sshsig_match_principals(const char *path, const char *principal,
 	if (ret == 0) {
 		if (nprincipals == 0)
 			ret = SSH_ERR_KEY_NOT_FOUND;
+		if (nprincipalsp != 0)
+			*nprincipalsp = nprincipals;
 		if (principalsp != NULL) {
 			*principalsp = principals;
 			principals = NULL; /* transferred */
-		}
-		if (nprincipalsp != 0) {
-			*nprincipalsp = nprincipals;
 			nprincipals = 0;
 		}
 	}
author	markus@openbsd.org <markus@openbsd.org>	2023-12-08 10:18:39 +0100
committer	Damien Miller <djm@mindrot.org>	2023-12-13 04:33:50 +0100
commit	4086bd6652c0badccc020218a62190a7798fb72c (patch)
tree	ce20485e15c6e43ee1487f6aac75a29a3c48a7b1 /sshsig.c
parent	upstream: short circuit debug log processing early if we're not going (diff)
download	openssh-4086bd6652c0badccc020218a62190a7798fb72c.tar.xz openssh-4086bd6652c0badccc020218a62190a7798fb72c.zip