This bug shouldn't be reachable so long as secret_to_key_len and secret_to_key_make_specifier stay in sync, but we might screw up someday. Found by coverity; this is CID 1241500
@@ -392,6 +392,9 @@ secret_to_key_new(uint8_t *buf,
type = buf[0];
key_len = secret_to_key_key_len(type);
+ if (key_len < 0)
+ return key_len;
+
if ((int)buf_len < key_len + spec_len)
return S2K_TRUNCATED;