kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity
Browse Source

gpg-interface: avoid buffer overrun in parse_ssh_output() 

If the string "key" we found in the output of ssh-keygen happens to be
located at the very end of the line, then going four characters further
leaves us beyond the end of the string.  Explicitly search for the
space after "key" to handle a missing one gracefully.

Signed-off-by: René Scharfe <l.s.r@web.de>
Acked-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
René Scharfe 3 years ago committed by Junio C Hamano
parent
18b18503e3
commit
65db97b4fa
1 changed files with 2 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      gpg-interface.c

4
gpg-interface.c
Unescape View File

@ -409,9 +409,9 @@ static void parse_ssh_output(struct signature_check *sigc) @@ -409,9 +409,9 @@ static void parse_ssh_output(struct signature_check *sigc)
goto cleanup;
}

key = strstr(line, "key");
key = strstr(line, "key ");
if (key) {
sigc->fingerprint = xstrdup(strstr(line, "key") + 4);
sigc->fingerprint = xstrdup(strstr(line, "key ") + 4);
sigc->key = xstrdup(sigc->fingerprint);
} else {
/*

Write Preview
Loading…
Cancel
Save