From: djm <djm@openbsd.org>
Date: Mon, 17 Jul 2023 05:20:15 +0000 (+0000)
Subject: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=83e109d2e32057d1dbda056ddeedd702001ecfd0;p=openbsd

return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid
magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is
needed to fall back to text revocation lists in some cases;
fixes t-cert-hostkey.
---

diff --git a/usr.bin/ssh/krl.c b/usr.bin/ssh/krl.c
index 9e02cf63eeb..030be70c7d5 100644
--- a/usr.bin/ssh/krl.c
+++ b/usr.bin/ssh/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.57 2023/07/17 04:01:10 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.58 2023/07/17 05:20:15 djm Exp $ */
 
 #include <sys/types.h>
 #include <sys/tree.h>
@@ -1054,7 +1054,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp)
 	/* KRL must begin with magic string */
 	if ((r = sshbuf_cmp(buf, 0, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0) {
 		debug2_f("bad KRL magic header");
-		return r;
+		return SSH_ERR_KRL_BAD_MAGIC;
 	}
 
 	if ((krl = ssh_krl_init()) == NULL) {