Hi
When removing an identity from the agent using the private key file,
ssh-add first tries to find the public key file. If that fails,
it loads the public key from the private key file, but no comment
is loaded. This means comment is NULL when it is used inside
delete_one to print `Identity removed: ...'
Below is a diff which only prints the braces and the comment if it
is not NULL. Something similar is done in ssh-keygen.c line
2423-2425.
So with the following setup:
$ ssh-keygen -t ed25519 -f demo -C demo -N ''
$ mv demo.pub demo_pub
$ ssh-add demo
Identity added: demo (demo)
Before:
$ ssh-add -d demo
Identity removed: demo ED25519 ((null))
$ tail -n 1 /var/log/messages
May 9 18:15:53 demo ssh-add: vfprintf %s NULL in "Identity removed: %s %s
(%s) "
After:
$ ssh-add -d demo
Identity removed: demo ED25519
Best,
Martin
P.S.: While here remove a trailing space as well.
Index: ssh-add.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v
retrieving revision 1.165
diff -u -p -r1.165 ssh-add.c
--- ssh-add.c 4 Feb 2022 02:49:17 -0000 1.165
+++ ssh-add.c 9 May 2022 16:04:14 -0000
@@ -117,8 +117,9 @@ delete_one(int agent_fd, const struct ss
return r;
}
if (!qflag) {
- fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
- sshkey_type(key), comment);
+ fprintf(stderr, "Identity removed: %s %s%s%s%s\n", path,
+ sshkey_type(key), comment ? " (" : "",
+ comment ? comment : "", comment ? ")" : "");
}
return 0;
}
@@ -392,7 +393,7 @@ add_file(int agent_fd, const char *filen
certpath, filename);
sshkey_free(cert);
goto out;
- }
+ }
/* Graft with private bits */
if ((r = sshkey_to_certified(private)) != 0) {
