The initial test for a line ending with "PRIVATE KEY-----" failed to
take into account the possibility that the line might be shorter than
that. Fixed by introducing a new library function strendswith(), and
strstartswith() for good measure, and using that.
Thanks to Hanno Böck for spotting this, with the aid of AFL.
(cherry picked from commit
fa7b23ce9025daba08e86bb934fc430099792b9a)
Conflicts:
misc.c
misc.h
(cherry-picker's note: the conflicts were only due to other functions
introduced on trunk just next to the ones introduced by this commit)
goto error;
}
strip_crlf(line);
- if (0 != strncmp(line, "-----BEGIN ", 11) ||
- 0 != strcmp(line+strlen(line)-16, "PRIVATE KEY-----")) {
+ if (!strstartswith(line, "-----BEGIN ") ||
+ !strendswith(line, "PRIVATE KEY-----")) {
errmsg = "file does not begin with OpenSSH key header";
goto error;
}
goto error;
}
strip_crlf(line);
- if (0 == strncmp(line, "-----END ", 9) &&
- 0 == strcmp(line+strlen(line)-16, "PRIVATE KEY-----")) {
+ if (strstartswith(line, "-----END ") &&
+ strendswith(line, "PRIVATE KEY-----")) {
sfree(line);
line = NULL;
break; /* done */
* we want to return 1, so then we can just shift down. */
return (0x100 - val) >> 8;
}
+
+int strstartswith(const char *s, const char *t)
+{
+ return !memcmp(s, t, strlen(t));
+}
+
+int strendswith(const char *s, const char *t)
+{
+ size_t slen = strlen(s), tlen = strlen(t);
+ return slen >= tlen && !strcmp(s + (slen - tlen), t);
+}
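Review bot: `strstartswith` compares with `memcmp(s, t, strlen(t))`, which is allowed to read all `strlen(t)` bytes of `s` even when `s` is a shorter string, so a short line can still be read past its terminator. That is the same class of over-read this commit fixes for the suffix test. The prefix tests being replaced used `strncmp`, which stops at the NUL; keeping that property is a one-line change: `return !strncmp(s, t, strlen(t));`. Whether the two key-header checks that call it are actually exposed depends on how large a buffer `fgetline` returns, which is not visible here. `strendswith` is fine as written, since it checks `slen >= tlen` before forming the pointer.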
int toint(unsigned);
char *fgetline(FILE *fp);
+int strstartswith(const char *s, const char *t);
+int strendswith(const char *s, const char *t);
void base64_encode_atom(unsigned char *data, int n, char *out);
int base64_decode_atom(char *atom, unsigned char *out);
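Review bot: The two new prototypes are declared without any comment stating their contract, and the return convention is the opposite sense from the `strcmp`-style calls they replace. I would add above them `/* Return nonzero iff s starts (resp. ends) with t; both must be non-NULL NUL-terminated strings. */` so callers do not have to read misc.c to find out.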