- djm@cvs.openbsd.org 2011/10/18 04:58:26

     [auth-options.c key.c]
     remove explict search for \0 in packet strings, this job is now done
     implicitly by buffer_get_cstring; ok markus

3 files changed, 6 insertions, 21 deletions

diff --git a/ChangeLog b/ChangeLog
index c3eb5757a..583f88f22 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,10 @@
    - stsp@cvs.openbsd.org 2011/10/16 15:51:39
      [moduli.c]
      add missing includes to unbreak tree; fix from rpointel
+   - djm@cvs.openbsd.org 2011/10/18 04:58:26
+     [auth-options.c key.c]
+     remove explict search for \0 in packet strings, this job is now done
+     implicitly by buffer_get_cstring; ok markus
 
 20111001
  - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning.  ok djm
diff --git a/auth-options.c b/auth-options.c
index b3c19c1c0..0e67bd8c0 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.55 2011/09/23 00:22:04 dtucker Exp $ */
+/* $OpenBSD: auth-options.c,v 1.56 2011/10/18 04:58:26 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -452,10 +452,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
                 buffer_append(&data, data_blob, dlen);
                 debug3("found certificate option \"%.100s\" len %u",
                     name, dlen);
-                if (strlen(name) != nlen) {
-                        error("Certificate constraint name contains \\0");
-                        goto out;
-                }
                 found = 0;
                 if ((which & OPTIONS_EXTENSIONS) != 0) {
                         if (strcmp(name, "permit-X11-forwarding") == 0) {
@@ -485,11 +481,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
                                             "corrupt", name);
                                         goto out;
                                 }
-                                if (strlen(command) != clen) {
-                                        error("force-command constraint "
-                                            "contains \\0");
-                                        goto out;
-                                }
                                 if (*cert_forced_command != NULL) {
                                         error("Certificate has multiple "
                                             "force-command options");
@@ -506,11 +497,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
                                             "\"%s\" corrupt", name);
                                         goto out;
                                 }
-                                if (strlen(allowed) != clen) {
-                                        error("source-address constraint "
-                                            "contains \\0");
-                                        goto out;
-                                }
                                 if ((*cert_source_address_done)++) {
                                         error("Certificate has multiple "
                                             "source-address options");
diff --git a/key.c b/key.c
index 498cf5a60..5cc4132c0 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.97 2011/05/17 07:13:31 djm Exp $ */
+/* $OpenBSD: key.c,v 1.98 2011/10/18 04:58:26 djm Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1356,11 +1356,6 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen)
                 goto out;
         }
 
-        if (kidlen != strlen(key->cert->key_id)) {
-                error("%s: key ID contains \\0 character", __func__);
-                goto out;
-        }
-
         /* Signature is left in the buffer so we can calculate this length */
         signed_len = buffer_len(&key->cert->certblob) - buffer_len(b);