cmdgen: add missing null pointer check in --dump mode.

A user pointed out that once we've identified the key algorithm from an apparent public-key blob, we call ssh_key_new_pub on the blob data and assume it will succeed. But there are plenty of ways it could still fail, and ssh_key_new_pub could return NULL. (cherry picked from commit 0c21eb4447)
2025-07-01 19:42:48 -05:00 · 2021-05-19 10:42:42 +01:00
parent 11b89407f5
commit 27a04d96a3
1 changed files with 4 additions and 0 deletions
--- a/cmdgen.c
+++ b/cmdgen.c
@ -1283,6 +1283,10 @@ int main(int argc, char **argv)
                }
                ssh_key *sk = ssh_key_new_pub(
                    alg, ptrlen_from_strbuf(ssh2blob));
+                if (!sk) {
+                    fprintf(stderr, "puttygen: unable to decode public key\n");
+                    RETURN(1);
+                }
                kc = ssh_key_components(sk);
                ssh_key_free(sk);
            }