[openssh-commits] [openssh] 01/02: upstream: Ignore whitespace when checking explict fingerprint.

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Jan 23 13:45:28 AEDT 2020 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 65cf8730de6876a56595eef296e07a86c52534a6
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Wed Jan 22 07:38:30 2020 +0000

    upstream: Ignore whitespace when checking explict fingerprint.
    
    When confirming a host key using the fingerprint itself, ignore leading and
    trailing whitespace. ok deraadt@ djm@
    
    OpenBSD-Commit-ID: cafd7f803bbdcd40c3a8f8f1a77747e6b6d8c011
---
 sshconnect.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/sshconnect.c b/sshconnect.c
index 2b9ce9dd..a2d75981 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.325 2020/01/11 16:23:10 naddy Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.326 2020/01/22 07:38:30 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -580,22 +580,23 @@ confirm(const char *prompt, const char *fingerprint)
 {
 	const char *msg, *again = "Please type 'yes' or 'no': ";
 	const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
-	char *p;
+	char *p, *cp;
 	int ret = -1;
 
 	if (options.batch_mode)
 		return 0;
 	for (msg = prompt;;msg = fingerprint ? again_fp : again) {
-		p = read_passphrase(msg, RP_ECHO);
+		cp = p = read_passphrase(msg, RP_ECHO);
 		if (p == NULL)
 			return 0;
-		p[strcspn(p, "\n")] = '\0';
+		p += strspn(p, " \t"); /* skip leading whitespace */
+		p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */
 		if (p[0] == '\0' || strcasecmp(p, "no") == 0)
 			ret = 0;
 		else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
 		    strcasecmp(p, fingerprint) == 0))
 			ret = 1;
-		free(p);
+		free(cp);
 		if (ret != -1)
 			return ret;
 	}

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list