From 3fbb045d089ed1e6d9a2fcffac0aac24ca84f009 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 11:41:04 +0000 Subject: Discard over-length authorized_keys entries rather than complaining when they don't decode. bz #884, with & ok djm@ --- usr.bin/ssh/auth2-pubkey.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'usr.bin/ssh/auth2-pubkey.c') diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c index 2a119d2fce0..a94418cc6c0 100644 --- a/usr.bin/ssh/auth2-pubkey.c +++ b/usr.bin/ssh/auth2-pubkey.c @@ -23,8 +23,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.8 2004/12/06 11:41:03 dtucker Exp $"); +#include "ssh.h" #include "ssh2.h" #include "xmalloc.h" #include "packet.h" @@ -163,7 +164,7 @@ done: static int user_key_allowed2(struct passwd *pw, Key *key, char *file) { - char line[8192]; + char line[SSH_MAX_PUBKEY_BYTES]; int found_key = 0; FILE *f; u_long linenum = 0; @@ -200,9 +201,9 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) found_key = 0; found = key_new(key->type); - while (fgets(line, sizeof(line), f)) { + while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp, *key_options = NULL; - linenum++; + /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; -- cgit v1.2.3