On 2021-07-14 12:10:10+0000, Fabian Stelzer via GitGitGadget wrote:
> + for (line = ssh_keygen_out.buf; *line; line = strchrnul(line + 1, '\n')) {
> + while (*line == '\n')
> + line++;
> + if (!*line)
> + break;
> +
> + trust_size = strcspn(line, " \n");
> + principal = xmemdupz(line, trust_size);
This breaks on principals with spaces in them (principals in the allowed
signers file can have spaces if surrounded by quotes). Looks like
strcspn should reject "\n" instead of " \n".
BTW, thanks for working on this feature. It seems much more convenient
than GPG in my testing.
