- chl@cvs.openbsd.org 2007/10/02 17:49:58

     [ssh-keygen.c]
     handles zero-sized strings that fgets can return

2 files changed, 11 insertions, 10 deletions

diff --git a/ChangeLog b/ChangeLog
index 6c5b78e75..a3cc1058b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,9 @@
    - dtucker@cvs.openbsd.org 2007/09/29 00:25:51
      [auth2.c]
      Remove unused prototype.  ok djm@
+   - chl@cvs.openbsd.org 2007/10/02 17:49:58
+     [ssh-keygen.c]
+     handles zero-sized strings that fgets can return
 
 20070927
  - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
@@ -3301,4 +3304,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4766 2007/10/26 04:26:15 djm Exp $
+$Id: ChangeLog,v 1.4767 2007/10/26 04:26:32 djm Exp $
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2b2399c50..657937629 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.162 2007/09/11 15:47:17 gilles Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.163 2007/10/02 17:49:58 chl Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -535,8 +535,7 @@ do_fingerprint(struct passwd *pw)
         f = fopen(identity_file, "r");
         if (f != NULL) {
                 while (fgets(line, sizeof(line), f)) {
-                        i = strlen(line) - 1;
-                        if (line[i] != '\n') {
+                        if ((cp = strchr(line, '\n')) == NULL) {
                                 error("line %d too long: %.40s...", num, line);
                                 skip = 1;
                                 continue;
@@ -546,7 +545,7 @@ do_fingerprint(struct passwd *pw)
                                 skip = 0;
                                 continue;
                         }
-                        line[i] = '\0';
+                        *cp = '\0';
 
                         /* Skip leading whitespace, empty and comment lines. */
                         for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -614,7 +613,7 @@ do_known_hosts(struct passwd *pw, const char *name)
         Key *public;
         char *cp, *cp2, *kp, *kp2;
         char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN];
-        int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0;
+        int c, skip = 0, inplace = 0, num = 1, invalid = 0, has_unhashed = 0;
 
         if (!have_identity) {
                 cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
@@ -649,19 +648,18 @@ do_known_hosts(struct passwd *pw, const char *name)
         }
 
         while (fgets(line, sizeof(line), in)) {
-                num++;
-                i = strlen(line) - 1;
-                if (line[i] != '\n') {
+                if ((cp = strchr(line, '\n')) == NULL) {
                         error("line %d too long: %.40s...", num, line);
                         skip = 1;
                         invalid = 1;
                         continue;
                 }
+                num++;
                 if (skip) {
                         skip = 0;
                         continue;
                 }
-                line[i] = '\0';
+                *cp = '\0';
 
                 /* Skip leading whitespace, empty and comment lines. */
                 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)