When Coverity ran on FreeBSD after updating to 9.1 in the base system it reported an issue in parse_cert_times. Here's the patch from the FreeBSD commit mail: ---------- Forwarded message --------- From: Ed Maste <emaste@xxxxxxxxxxx> Date: Thu, 3 Nov 2022 at 10:14 Subject: git: 0657b2325df3 - main - ssh: correct parse_cert_times case for hex "to" time To: <src-committers@xxxxxxxxxxx>, <dev-commits-src-all@xxxxxxxxxxx>, <dev-commits-src-main@xxxxxxxxxxx> The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=0657b2325df3d85967870a928d58b24ffcf3f1ea commit 0657b2325df3d85967870a928d58b24ffcf3f1ea Author: Ed Maste <emaste@xxxxxxxxxxx> AuthorDate: 2022-11-03 13:44:52 +0000 Commit: Ed Maste <emaste@xxxxxxxxxxx> CommitDate: 2022-11-03 14:10:28 +0000 ssh: correct parse_cert_times case for hex "to" time This appeared to be a copy-paste error from the "from" time case above. Reported by: Coverity Scan CID: 1500407 Reviewed by: markj MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D37252 --- crypto/openssh/ssh-keygen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index 9b2beda05f0c..1255957d0e67 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -1975,7 +1975,7 @@ parse_cert_times(char *timespec) cert_valid_to = parse_relative_time(to, now); else if (strcmp(to, "forever") == 0) cert_valid_to = ~(u_int64_t)0; - else if (strncmp(from, "0x", 2) == 0) + else if (strncmp(to, "0x", 2) == 0) parse_hex_u64(to, &cert_valid_to); else if (parse_absolute_time(to, &cert_valid_to) != 0) fatal("Invalid to time \"%s\"", to); _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
