Check for non-NULL before string comparison. From jjelen at redhat.com

via bz#2687.

diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 3e91c7e..61b3144 100644 (file)
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.388 2023/03/03 02:37:58 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.389 2023/03/03 09:48:51 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2097,7 +2097,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
                        free(response);
                        response = read_passphrase("Accept updated hostkeys? "
                            "(yes/no): ", RP_ECHO);
-                       if (strcasecmp(response, "yes") == 0)
+                       if (response != NULL && strcasecmp(response, "yes") == 0)
                                break;
                        else if (quit_pending || response == NULL ||
                            strcasecmp(response, "no") == 0) {