On 30.10.21 19:07, René Scharfe wrote:
> If the string "key" we found in the output of ssh-keygen happens to be
> located at the very end of the line, then going four characters further
> leaves us beyond the end of the string. Explicitly search for the
> space after "key" to handle a missing one gracefully.
>
> Signed-off-by: René Scharfe <l.s.r@xxxxxx>
> ---
> This code was added after v2.33.0.
>
> gpg-interface.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gpg-interface.c b/gpg-interface.c
> index 62d340e78a..3838536f0a 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -409,9 +409,9 @@ static void parse_ssh_output(struct signature_check *sigc)
> goto cleanup;
> }
>
> - key = strstr(line, "key");
> + key = strstr(line, "key ");
> if (key) {
> - sigc->fingerprint = xstrdup(strstr(line, "key") + 4);
> + sigc->fingerprint = xstrdup(strstr(line, "key ") + 4);
> sigc->key = xstrdup(sigc->fingerprint);
> } else {
> /*
> --
> 2.33.1
>
Thanks. This is obviously correct.
