===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.257
retrieving revision 1.260
diff -u -r1.257 -r1.260
--- src/usr.bin/ssh/ssh-keygen.c	2015/01/18 21:51:19	1.257
+++ src/usr.bin/ssh/ssh-keygen.c	2015/01/30 00:59:19	1.260
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.257 2015/01/18 21:51:19 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.260 2015/01/30 00:59:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -706,12 +706,12 @@
 		fatal("%s: unknown key format %d", __func__, convert_format);
 	}
 
-	if (!private)
+	if (!private) {
 		if ((r = sshkey_write(k, stdout)) == 0)
 			ok = 1;
 		if (ok)
 			fprintf(stdout, "\n");
-	else {
+	} else {
 		switch (k->type) {
 		case KEY_DSA:
 			ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
@@ -783,6 +783,8 @@
 			fp = sshkey_fingerprint(keys[i], fptype, rep);
 			ra = sshkey_fingerprint(keys[i], fingerprint_hash,
 			    SSH_FP_RANDOMART);
+			if (fp == NULL || ra == NULL)
+				fatal("%s: sshkey_fingerprint fail", __func__);
 			printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
 			    fp, sshkey_type(keys[i]));
 			if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -829,6 +831,8 @@
 		fp = sshkey_fingerprint(public, fptype, rep);
 		ra = sshkey_fingerprint(public, fingerprint_hash,
 		    SSH_FP_RANDOMART);
+		if (fp == NULL || ra == NULL)
+			fatal("%s: sshkey_fingerprint fail", __func__);
 		printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment,
 		    sshkey_type(public));
 		if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -898,6 +902,8 @@
 		fp = sshkey_fingerprint(public, fptype, rep);
 		ra = sshkey_fingerprint(public, fingerprint_hash,
 		    SSH_FP_RANDOMART);
+		if (fp == NULL || ra == NULL)
+			fatal("%s: sshkey_fingerprint fail", __func__);
 		printf("%u %s %s (%s)\n", sshkey_size(public), fp,
 		    comment ? comment : "no comment", sshkey_type(public));
 		if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -1114,7 +1120,7 @@
 static void
 do_known_hosts(struct passwd *pw, const char *name)
 {
-	char *cp, tmp[MAXPATHLEN], old[MAXPATHLEN];
+	char *cp, tmp[PATH_MAX], old[PATH_MAX];
 	int r, fd, oerrno, inplace = 0;
 	struct known_hosts_ctx ctx;
 
@@ -1883,6 +1889,8 @@
 	key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
 	ca_fp = sshkey_fingerprint(key->cert->signature_key,
 	    fingerprint_hash, SSH_FP_DEFAULT);
+	if (key_fp == NULL || ca_fp == NULL)
+		fatal("%s: sshkey_fingerprint fail", __func__);
 
 	printf("%s:\n", identity_file);
 	printf("        Type: %s %s certificate\n", sshkey_ssh_name(key),
@@ -2199,7 +2207,7 @@
 {
 	char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
 	char *checkpoint = NULL;
-	char out_file[PATH_MAX], *rr_hostname = NULL, *ep;
+	char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;
 	struct sshkey *private, *public;
 	struct passwd *pw;
 	struct stat st;
@@ -2686,10 +2694,12 @@
 	fclose(f);
 
 	if (!quiet) {
-		char *fp = sshkey_fingerprint(public, fingerprint_hash,
+		fp = sshkey_fingerprint(public, fingerprint_hash,
 		    SSH_FP_DEFAULT);
-		char *ra = sshkey_fingerprint(public, fingerprint_hash,
+		ra = sshkey_fingerprint(public, fingerprint_hash,
 		    SSH_FP_RANDOMART);
+		if (fp == NULL || ra == NULL)
+			fatal("sshkey_fingerprint failed");
 		printf("Your public key has been saved in %s.\n",
 		    identity_file);
 		printf("The key fingerprint is:\n");