On Mon, Jan 3, 2022 at 9:24 AM Fabian Stelzer <fs@xxxxxxxxxxxx> wrote:
> We need to trim \r from the output of 'ssh-keygen -Y find-principals' on
> Windows, or we end up calling 'ssh-keygen -Y verify' with a bogus signer
> identity. ssh-keygen.c:2841 contains a call to puts(3), which confirms
> this hypothesis. Signature verification passes with the fix.
>
> Helped-by: Pedro Martelletto <pedro@xxxxxxxxxx>
> Signed-off-by: Fabian Stelzer <fs@xxxxxxxxxxxx>
> ---
> diff --git a/gpg-interface.c b/gpg-interface.c
> @@ -509,7 +509,10 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
> - trust_size = strcspn(line, "\n");
> + trust_size = strcspn(line, "\n"); /* truncate at LF */
> + if (trust_size && trust_size != strlen(line) &&
> + line[trust_size - 1] == '\r')
> + trust_size--; /* the LF was part of CRLF at the end */
I may be misunderstanding, but isn't the strlen() unnecessary?
if (trust_size && line[trust_size] &&
line[trust_size - 1] == '\r')
trust_size--;
