Refuse to create a certificate with an unusable number of principals;

author djm <djm@openbsd.org>

Sat, 10 Feb 2018 05:48:46 +0000 (05:48 +0000)

committer djm <djm@openbsd.org>

Sat, 10 Feb 2018 05:48:46 +0000 (05:48 +0000)
author djm <djm@openbsd.org>
Sat, 10 Feb 2018 05:48:46 +0000 (05:48 +0000)
committer djm <djm@openbsd.org>
Sat, 10 Feb 2018 05:48:46 +0000 (05:48 +0000)
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c

index 715025b..4e45d7d 100644 (file)
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.311 2018/02/10 05:43:26 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.312 2018/02/10 05:48:46 djm Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1681,6 +1681,8 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
                         }
                         free(otmp);
                 }
+               if (n > SSHKEY_CERT_MAX_PRINCIPALS)
+                       fatal("Too many certificate principals specified");
         
                 tmp = tilde_expand_filename(argv[i], pw->pw_uid);
                 if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
author	djm <djm@openbsd.org>
	Sat, 10 Feb 2018 05:48:46 +0000 (05:48 +0000)
committer	djm <djm@openbsd.org>
	Sat, 10 Feb 2018 05:48:46 +0000 (05:48 +0000)