On 16.07.21 02:07, Gwyneth Morgan wrote:
On 2021-07-14 12:10:10+0000, Fabian Stelzer via GitGitGadget wrote:
+ for (line = ssh_keygen_out.buf; *line; line = strchrnul(line + 1, '\n')) {
+ while (*line == '\n')
+ line++;
+ if (!*line)
+ break;
+
+ trust_size = strcspn(line, " \n");
+ principal = xmemdupz(line, trust_size);
This breaks on principals with spaces in them (principals in the allowed
signers file can have spaces if surrounded by quotes). Looks like
strcspn should reject "\n" instead of " \n".
BTW, thanks for working on this feature. It seems much more convenient
than GPG in my testing.
Oh thanks. Very nice catch. Easily fixed here but i'll have to rewrite
the verification output parsing to account for this as well.
I will add a testcase too.
