On 02.01.2016 22:12, Roland Hieber wrote: > Since this is my first patch to OpenSSH, I'm very open for feedback :-) ...he wrote without attaching the patch... Sorry. - Roland
commit 5c7d3d92937cbb65c33bd510aac1269b8a4903b6 Author: Roland Hieber <rohieb@xxxxxxxxxxx> Date: Sat Jan 2 17:53:14 2016 +0100 ssh-keygen: sanitize ANSI escape sequences in key comment diff --git a/ssh-keygen.c b/ssh-keygen.c index c3ec4f8..9eeb10c 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -836,6 +836,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment) char *fp = NULL, *ra = NULL; enum sshkey_fp_rep rep; int fptype; + char * pc = NULL; fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; @@ -843,6 +844,11 @@ fingerprint_one_key(const struct sshkey *public, const char *comment) ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) fatal("%s: sshkey_fingerprint failed", __func__); + + while ((pc = strchr(comment, '\x1b'))) { + *pc = '.'; + } + printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment ? comment : "no comment", sshkey_type(public)); if (log_level >= SYSLOG_LEVEL_VERBOSE)
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev