[Bug 2786] New OpenSSH fails to parse public keys with bogus whitespace

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Feb 23 16:17:43 AEDT 2018


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
   Attachment #3062|0                           |1
        is obsolete|                            |
                 CC|                            |djm at mindrot.org
   Attachment #3128|                            |ok?
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3128
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3128&action=edit
refactor sshkey_read, allow more whitespace

IMO sshkey_read() needs a more comprehensive refactor since it's quite
crufty and internally inconsistent, especially in how it allowed tab
characters in some places and not others.

This moves the big switch statement to the start of the function; it
was previously used to select v1/v2 key parsing but now only functions
as a test of key->type. Moving it allows the the whole function to be

It switches from strchr to strcspn to find spaces, and now accepts tabs
anywhere where whitespace is allowed.

Finally, it no longer modifies its argument during parsing but I'll
commit the flipping of its argument to const until later to avoid
colliding other in-progress diffs.

You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list