# HG changeset patch
# User Matt Johnston
# Date 1495363989 -28800
# Node ID 74a22c562cdffcf3ece778fdeaf854ea3d620e6e
# Parent f9f930e1a516d9e92cbb260f95131b88f84487c4
Fix null pointer dereference found by libfuzzer

diff -r f9f930e1a516 -r 74a22c562cdf signkey.c
--- a/signkey.c Sun May 21 10:54:11 2017 +0800
+++ b/signkey.c Sun May 21 18:53:09 2017 +0800
@@ -102,7 +102,8 @@
 return DROPBEAR_SIGNKEY_NONE;
 }
 
-/* Returns a pointer to the key part specific to "type" */
+/* Returns a pointer to the key part specific to "type".
+Be sure to check both (ret != NULL) and (*ret != NULL) */
 void **
 signkey_key_ptr(sign_key *key, enum signkey_type type) {
 switch (type) {
@@ -294,7 +295,7 @@
 #if DROPBEAR_ECDSA
 if (signkey_is_ecdsa(type)) {
 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
- if (eck) {
+ if (eck && *eck) {
 buf_put_ecdsa_pub_key(pubkeys, *eck);
 }
 }
@@ -331,7 +332,7 @@
 #if DROPBEAR_ECDSA
 if (signkey_is_ecdsa(type)) {
 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
- if (eck) {
+ if (eck && *eck) {
 buf_put_ecdsa_priv_key(buf, *eck);
 TRACE(("leave buf_put_priv_key: ecdsa done"))
 return;
@@ -495,7 +496,7 @@
 #if DROPBEAR_ECDSA
 if (signkey_is_ecdsa(type)) {
 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
- if (eck) {
+ if (eck && *eck) {
 buf_put_ecdsa_sign(sigblob, *eck, data_buf);
 }
 }
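Review bot: The new comment above `signkey_key_ptr` tells callers to check both levels but does not say what each NULL means, which is what a caller needs to choose the right failure path. The switch body is outside the hunk, so this is inferred, but it looks like a NULL return means the type is not handled and a NULL `*ret` means no key of that type is currently loaded. I would spell that out, e.g. `/* Returns a pointer to the key slot for "type", or NULL if the type is not handled. The slot itself may be NULL when no such key is loaded, so check both (ret != NULL) and (*ret != NULL). */`, after confirming it against the switch.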
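Review bot: When `*eck` is NULL the ECDSA branch in the -294 hunk now skips `buf_put_ecdsa_pub_key` without any trace, and the same holds for the `buf_put_ecdsa_priv_key` hunk at -331 and the `buf_put_ecdsa_sign` hunk at -495. The enclosing functions continue outside the hunks, so a later check may already fail closed on an empty buffer; that is worth confirming, because an empty public-key or signature blob that passes unnoticed is harder to diagnose than the crash the fuzzer found. I would make the skipped case visible with an else branch such as `} else { TRACE(("ecdsa key missing for requested type")) }`. The identical `eck && *eck` test at three call sites could also move into one small static helper that returns the `ecc_key *` or NULL, so the two checks cannot drift apart.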