Re: [PATCH 2/2] gpg-interface: avoid buffer overrun in parse_ssh_output()

On 30.10.21 19:07, René Scharfe wrote:
> If the string "key" we found in the output of ssh-keygen happens to be
> located at the very end of the line, then going four characters further
> leaves us beyond the end of the string.  Explicitly search for the
> space after "key" to handle a missing one gracefully.
> 
> Signed-off-by: René Scharfe <l.s.r@xxxxxx>
> ---
> This code was added after v2.33.0.
> 
>  gpg-interface.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/gpg-interface.c b/gpg-interface.c
> index 62d340e78a..3838536f0a 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -409,9 +409,9 @@ static void parse_ssh_output(struct signature_check *sigc)
>  		goto cleanup;
>  	}
> 
> -	key = strstr(line, "key");
> +	key = strstr(line, "key ");
>  	if (key) {
> -		sigc->fingerprint = xstrdup(strstr(line, "key") + 4);
> +		sigc->fingerprint = xstrdup(strstr(line, "key ") + 4);
>  		sigc->key = xstrdup(sigc->fingerprint);
>  	} else {
>  		/*
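
Review bot: The `xstrdup()` line runs `strstr(line, "key ")` a second time although the result is already in `key`; writing `sigc->fingerprint = xstrdup(key + 4);` keeps the needle and the offset 4 in one place, so they cannot get out of step the way the old "key" / `+ 4` pair did. Also, when "key " is the last thing on the line, `key + 4` points at the terminating NUL: that is in bounds, but `sigc->fingerprint` and `sigc->key` end up as empty strings, so it may be worth treating an empty remainder like the no-match case instead of taking the `if (key)` branch.
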
> --
> 2.33.1
> 

Thanks. This is obviously correct.


