Handle leading IP addresses in ssh-vulnkey input (LP: #230497).

2 files changed, 4 insertions, 1 deletions

diff --git a/debian/changelog b/debian/changelog
index e4a627a46..65a2b4265 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -48,6 +48,7 @@ openssh (1:4.7p1-11) UNRELEASED; urgency=low
     - Fix error output if ssh-vulnkey fails to read key files, with the
       exception of host keys unless -a was given.
     - In verbose mode, output the name of each file examined.
+  * Handle leading IP addresses in ssh-vulnkey input (LP: #230497).
 
  -- Colin Watson <cjwatson@debian.org>  Sat, 17 May 2008 08:48:45 +0200
 
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
index 3ffc3fa0c..467bef091 100644
--- a/ssh-vulnkey.c
+++ b/ssh-vulnkey.c
@@ -163,6 +163,7 @@ do_filename(const char *filename, int quiet_open)
                 int i;
                 char *space;
                 int type;
+                char *end;
 
                 /* Chop trailing newline. */
                 i = strlen(line) - 1;
@@ -187,7 +188,8 @@ do_filename(const char *filename, int quiet_open)
                 /* Leading number (RSA1) or valid type (RSA/DSA) indicates
                  * that we have no host name or options to skip.
                  */
-                if (atoi(cp) == 0 && type == KEY_UNSPEC) {
+                if ((strtol(cp, &end, 10) == 0 || *end != ' ') &&
+                    type == KEY_UNSPEC) {
                         int quoted = 0;
 
                         for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {