ssh strlen fixes

Ray Lai ray at cyth.net
Fri Nov 3 07:21:54 EST 2006


The following diffs fix negative index array accesses.  For the
path_append diff, if the first path is empty the second path is
just duplicated without a '/'.  Is this correct?

-Ray-

Index: misc.c
===================================================================
RCS file: /home/ray/openbsd/src/usr.bin/ssh/misc.c,v
retrieving revision 1.64
diff -u -p -r1.64 misc.c
--- misc.c	3 Aug 2006 03:34:42 -0000	1.64
+++ misc.c	2 Nov 2006 20:05:41 -0000
@@ -604,11 +604,15 @@ read_keyfile_line(FILE *f, const char *f
 {
 	while (fgets(buf, bufsz, f) != NULL) {
 		(*lineno)++;
-		if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
+		if (buf[0] != '\0' && buf[strlen(buf) - 1] == '\n' || feof(f)) {
 			return 0;
 		} else {
-			debug("%s: %s line %lu exceeds size limit", __func__,
-			    filename, *lineno);
+			if (buf[0] != '\0')
+				debug("%s: %s line %lu exceeds size limit",
+				    __func__, filename, *lineno);
+			else
+				debug("%s: %s line %lu contains a NUL character",
+				    __func__, filename, *lineno);
 			/* discard remainder of line */
 			while (fgetc(f) != '\n' && !feof(f))
 				;	/* nothing */
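Review bot: The new NUL case (the `else` branch that logs "contains a NUL character") still falls through to the "discard remainder of line" loop. When the NUL-leading line fit in the buffer, fgets() has presumably already consumed its newline, so that loop would drop the following line as well. For a key file this means an entry after a stray NUL byte can be skipped with only a debug-level message. One option is to handle the empty buffer before the length test with `if (buf[0] == '\0') continue;`, or at least to document the limitation with `/* NUL at start of line: cannot tell whether fgets already consumed the newline */`. Separately, the condition mixes `&&` and `||` without parentheses; `if ((buf[0] != '\0' && buf[strlen(buf) - 1] == '\n') || feof(f)) {` keeps the same meaning and avoids a -Wparentheses warning. The function's signature and closing lines are outside the hunk.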
Index: sftp.c
===================================================================
RCS file: /home/ray/openbsd/src/usr.bin/ssh/sftp.c,v
retrieving revision 1.93
diff -u -p -r1.93 sftp.c
--- sftp.c	30 Sep 2006 17:48:22 -0000	1.93
+++ sftp.c	2 Nov 2006 20:14:58 -0000
@@ -286,11 +286,11 @@ static char *
 path_append(char *p1, char *p2)
 {
 	char *ret;
-	int len = strlen(p1) + strlen(p2) + 2;
+	size_t len = strlen(p1) + strlen(p2) + 2;
 
 	ret = xmalloc(len);
 	strlcpy(ret, p1, len);
-	if (p1[strlen(p1) - 1] != '/')
+	if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')
 		strlcat(ret, "/", len);
 	strlcat(ret, p2, len);
 
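Review bot: The guard added in path_append at `if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')` calls strlen(p1) again after it was already used to size the buffer, so the emptiness test and the index come from separate expressions. Caching the length once makes the bound explicit: `size_t p1len = strlen(p1);` and then `if (p1len > 0 && p1[p1len - 1] != '/')`. A short comment above the test would also record the empty-p1 result for callers, e.g. `/* empty p1: result is p2 alone, no separator added */`. The function's return statement and closing brace are outside the hunk.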

