diff --git a/krl.c b/krl.c index e2efdf06..0d0f6953 100644 --- a/krl.c +++ b/krl.c @@ -674,6 +674,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) break; case KRL_SECTION_CERT_SERIAL_BITMAP: if (rs->lo - bitmap_start > INT_MAX) { + r = SSH_ERR_INVALID_FORMAT; error_f("insane bitmap gap"); goto out; } @@ -1059,6 +1060,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp) goto out; if ((krl = ssh_krl_init()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; error_f("alloc failed"); goto out; } diff --git a/sshconnect2.c b/sshconnect2.c index a69c4da1..1ee6000a 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -99,7 +99,7 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) options.required_rsa_size)) != 0) fatal_r(r, "Bad server host key"); if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, - xxx_conn_info) == -1) + xxx_conn_info) != 0) fatal("Host key verification failed."); return 0; } @@ -699,6 +699,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { debug_f("server sent unknown pkalg %s", pkalg); + r = SSH_ERR_INVALID_FORMAT; goto done; } if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { @@ -709,6 +710,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) error("input_userauth_pk_ok: type mismatch " "for decoded key (received %d, expected %d)", key->type, pktype); + r = SSH_ERR_INVALID_FORMAT; goto done; } @@ -728,6 +730,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) SSH_FP_DEFAULT); error_f("server replied with unknown key: %s %s", sshkey_type(key), fp == NULL ? "" : fp); + r = SSH_ERR_INVALID_FORMAT; goto done; } ident = format_identity(id); diff --git a/sshsig.c b/sshsig.c index 6e03c0b0..3da005d6 100644 --- a/sshsig.c +++ b/sshsig.c @@ -879,6 +879,7 @@ cert_filter_principals(const char *path, u_long linenum, } if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { error_f("buffer error"); + r = SSH_ERR_ALLOC_FAIL; goto out; } /* success */