Discard over-length authorized_keys entries rather than complaining when

they don't decode. bz #884, with & ok djm@
author: dtucker <dtucker@openbsd.org> 2004-12-06 11:41:03 +0000
committer: dtucker <dtucker@openbsd.org> 2004-12-06 11:41:03 +0000
commit: a4f554e9c292833298cee8e0eb3d4e2fb0964456 (patch)
tree: c44b84a462a6f7fc846590bfdd4a787116bfc54c /usr.bin/ssh/authfile.c
parent: tell net80211 that we can get probes/beacons on any channel during a scan. (diff)
download: wireguard-openbsd-a4f554e9c292833298cee8e0eb3d4e2fb0964456.tar.xz
wireguard-openbsd-a4f554e9c292833298cee8e0eb3d4e2fb0964456.zip
1 files changed, 5 insertions, 4 deletions
diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c
index a528577d084..7b9d7ca8c2b 100644
--- a/usr.bin/ssh/authfile.c
+++ b/usr.bin/ssh/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.58 2004/08/23 11:48:09 djm Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.59 2004/12/06 11:41:03 dtucker Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -598,13 +598,14 @@ static int
 key_try_load_public(Key *k, const char *filename, char **commentp)
 {
 	FILE *f;
-	char line[4096];
+	char line[SSH_MAX_PUBKEY_BYTES];
 	char *cp;
+	int linenum = 0;
 
 	f = fopen(filename, "r");
 	if (f != NULL) {
-		while (fgets(line, sizeof(line), f)) {
-			line[sizeof(line)-1] = '\0';
+		while (read_keyfile_line(f, filename, line, sizeof(line),
+			    &linenum) != -1) {
 			cp = line;
 			switch (*cp) {
 			case '#':
author	dtucker <dtucker@openbsd.org>	2004-12-06 11:41:03 +0000
committer	dtucker <dtucker@openbsd.org>	2004-12-06 11:41:03 +0000
commit	a4f554e9c292833298cee8e0eb3d4e2fb0964456 (patch)
tree	c44b84a462a6f7fc846590bfdd4a787116bfc54c /usr.bin/ssh/authfile.c
parent	tell net80211 that we can get probes/beacons on any channel during a scan. (diff)
download	wireguard-openbsd-a4f554e9c292833298cee8e0eb3d4e2fb0964456.tar.xz wireguard-openbsd-a4f554e9c292833298cee8e0eb3d4e2fb0964456.zip