On Sat, Jan 02, 2016 at 10:20:15PM +0100, Roland Hieber wrote: > On 02.01.2016 22:12, Roland Hieber wrote: > > Since this is my first patch to OpenSSH, I'm very open for feedback :-) > > ...he wrote without attaching the patch... Hi, and thank you for pointing that out. > + char * pc = NULL; nitpick: char *pc (without space)? > + > + while ((pc = strchr(comment, '\x1b'))) { > + *pc = '.'; > + } > + Why not adding the escape char to reject list in sshkey_try_load_public (authfile.c)? Makes me think that it would be safer to use strspn with a conservative accept set, or scan all chars for isalnum(c) || isblank(c) || ispunct(c). Just my two cents. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev