# HG changeset patch
# User Matt Johnston
# Date 1495363989 -28800
# Node ID c1c3d5943bfc2c3fd3015886cb574034d4508063
# Parent 4cebe907dfd0612359fbc15d79aaf2627610a377
Fix null pointer dereference found by libfuzzer
diff -r 4cebe907dfd0 -r c1c3d5943bfc signkey.c
--- a/signkey.c	Thu May 25 22:21:23 2017 +0800
+++ b/signkey.c	Sun May 21 18:53:09 2017 +0800
@@ -102,7 +102,8 @@
 	return DROPBEAR_SIGNKEY_NONE;
 }
 
-/* Returns a pointer to the key part specific to "type" */
+/* Returns a pointer to the key part specific to "type".
+Be sure to check both (ret != NULL) and (*ret != NULL) */
 void **
 signkey_key_ptr(sign_key *key, enum signkey_type type) {
 	switch (type) {
@@ -297,7 +298,7 @@
 #if DROPBEAR_ECDSA
 	if (signkey_is_ecdsa(type)) {
 		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
-		if (eck) {
+		if (eck && *eck) {
 			buf_put_ecdsa_pub_key(pubkeys, *eck);
 		}
 	}
@@ -334,7 +335,7 @@
 #if DROPBEAR_ECDSA
 	if (signkey_is_ecdsa(type)) {
 		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
-		if (eck) {
+		if (eck && *eck) {
 			buf_put_ecdsa_priv_key(buf, *eck);
 			TRACE(("leave buf_put_priv_key: ecdsa done"))
 			return;
@@ -498,7 +499,7 @@
 #if DROPBEAR_ECDSA
 	if (signkey_is_ecdsa(type)) {
 		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
-		if (eck) {
+		if (eck && *eck) {
 			buf_put_ecdsa_sign(sigblob, *eck, data_buf);
 		}
 	}
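Review bot: The new continuation line of the comment above signkey_key_ptr starts at column 0 inside the `/* */` block, which reads as a stray line rather than part of the comment; indent it as ` * Be sure to check both (ret != NULL) and (*ret != NULL) */` or fold it onto the first line. The comment would also be more useful if it said what each NULL means — presumably the outer NULL is an unsupported type and the inner NULL an unpopulated key slot, which is exactly the distinction the patched callers below depend on — but the switch body continues outside the hunk, so confirm that before writing it down.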
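Review bot: In the public-key writer (buf_put_pub_key, judging by the pubkeys buffer) the added `*eck` check turns a missing ECDSA key into a silent no-op: nothing is written to pubkeys and no error is reported, so the caller receives a blob with no key and cannot distinguish that from success. A NULL slot for a type the caller explicitly asked for is a programming error or a corrupt key structure rather than a normal path, and it is safer to make it loud, e.g. `} else { dropbear_exit("No ECDSA key to write"); }` if dropbear_exit() is this file's fatal path, or at minimum a TRACE. The enclosing function continues outside the hunk, so I cannot see whether a later check already covers the empty case.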
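Review bot: In buf_put_priv_key the `*eck == NULL` case now skips the guarded `return` instead of dereferencing NULL, so control reaches whatever follows the `#endif` with nothing written to buf; that trailing code is outside the hunk and should be checked to ensure it treats "no key written" as an error rather than handing back a truncated private-key blob. A short why-comment on the guard would help the next reader, e.g. `/* *eck is NULL when the slot is unpopulated; fall through to the error path below */`, assuming that is what the code after the hunk does.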
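Review bot: In the signing routine (buf_put_sign, judging by sigblob and data_buf) the new guard means a request to sign with an ECDSA type whose key slot is empty produces no signature at all, leaving sigblob empty and the caller none the wiser; for a signing path that is the worst failure mode to make silent, since the empty blob may be sent on the wire as if it were a valid signature. Prefer failing hard in an else branch, `dropbear_exit("No key to sign with")` if that is this file's convention, or otherwise returning a status the caller checks. The same `eck && *eck` pattern is now repeated in three functions; a small helper such as `static ecc_key *signkey_ecdsa_key(sign_key *key, enum signkey_type type)` returning NULL for either failure would keep them in step and make the double check impossible to forget.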