From 1434f24911d62cd940a689e9d5cc8da8ddbb1894 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 20 Mar 2025 15:24:11 +0100
Subject: [PATCH] auth: Avoid forward-null pointer dereference

This could happen only if the function would really be called with the NULL
session, but this was never the case as the session is dereferenced already on
all code paths toward this place.

This is just to make the scanner happy that the session can not really be NULL
here.

Thanks coverity!

CID 1593926

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
---
 src/auth.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/auth.c b/src/auth.c
index 17190b67..b9a75cc7 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -480,7 +480,11 @@ static int add_hostbound_pubkey(ssh_session session)
     int rc;
     ssh_string server_pubkey_s = NULL;
 
-    if (session == NULL || session->current_crypto == NULL ||
+    if (session == NULL) {
+        return SSH_ERROR;
+    }
+
+    if (session->current_crypto == NULL ||
         session->current_crypto->server_pubkey == NULL) {
         ssh_set_error(session,
                       SSH_FATAL,