author | Werner Koch <wk@gnupg.org> | 2022-01-28 19:59:11 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2022-01-28 19:59:11 +0100 |
commit | 934a60de6b8892ea990c77f8bef8b2872e31a0f2 (patch) | |
tree | bc9f01b129fdc5b491d90fe0898504ba4893bb0e | |
parent | gpg: Allow --dearmor to decode all kinds of armor files. (diff) | |
ssh: Fix adding an ed25519 key with a zero length comment.
* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not try to read a zero length block.
--
Actually we could handle this differently by not putting a comment tag
into the s-expression, however this requires more code and at other
places we already return "(none)" instead of an empty comment.
The second fix is more or less a cosmetic thing to get better error
messages in case the underlying read system call returns an error.
GnuPG-bug-id: 5794
Diffstat (limited to '')
-rw-r--r-- | agent/command-ssh.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index d5720cc1d..426b11e67 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -623,7 +623,7 @@ stream_read_string (estream_t stream, unsigned int secure,
 }
 
 /* Read data. */
- err = stream_read_data (stream, buffer, length);
+ err = length? stream_read_data (stream, buffer, length) : 0;
 if (err)
 goto out;
 
@@ -633,7 +633,7 @@ stream_read_string (estream_t stream, unsigned int secure,
 }
 else /* Dummy read requested. */
 {
- err = stream_read_skip (stream, length);
+ err = length? stream_read_skip (stream, length) : 0;
 if (err)
 goto out;
 }
@@ -1735,6 +1735,11 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
 estream_t format = NULL;
 char *algo_name = NULL;
 
+ /* We can't encode an empty string in an S-expression, thus to keep
+ * the code simple we use "(none)" instead. */
+ if (!comment || !*comment)
+ comment = "(none)";
+
 if ((key_spec.flags & SPEC_FLAG_IS_EdDSA))
 {
 /* It is much easier and more readable to use a separate code
@@ -1754,7 +1759,7 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
 "(comment%s))",
 curve_name,
 mpis[0], mpis[1],
- comment? comment:"");
+ comment);
 else
 err = gcry_sexp_build (&sexp_new, NULL,
 "(public-key(ecc(curve %s)"
@@ -1762,7 +1767,8 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
 "(comment%s))",
 curve_name,
 mpis[0],
- comment? comment:"");
+ comment);
+
 }
 else
 { |
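Review bot: The zero-length guard `err = length? stream_read_data (stream, buffer, length) : 0;` in the first hunk has no comment saying why the call is skipped, and the same unexplained ternary is repeated on `stream_read_skip` in the second hunk. The commit message gives the reason (better error messages when the underlying read fails), so I would record it next to the code, for example `/* Nothing to read for a zero length string. */` above each guarded call. stream_read_string starts and ends outside both hunks, so whether `buffer` is still allocated and terminated when `length` is 0 cannot be checked from here; it is worth confirming that an empty string, not NULL, reaches the caller.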
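Review bot: The fallback `comment = "(none)";` at the top of sexp_key_construct changes what ends up in the built S-expression, yet the substitution is documented only inside the body, where callers will not look. A key added without a comment becomes indistinguishable from one whose comment is literally `(none)`. I would state that in the function's header comment, which lies outside this hunk, e.g. `An empty or NULL COMMENT is encoded as "(none)".` The comment string presumably originates from the ssh client's request (inferred from the file name, not visible here), so if any other code in this file builds a `(comment%s)` item from it, that code should go through the same normalisation.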
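Review bot: The last hunk adds an empty line between `comment);` and the closing `}` of the EdDSA branch, which is unrelated whitespace; I would drop the lone `+` line so the change stays limited to the argument. Passing `comment` without the old `comment? comment:""` fallback, here and in the previous hunk, is safe only because of the normalisation added at the top of the function. A short remark such as `/* COMMENT is never NULL or empty here. */` before the first gcry_sexp_build call would keep that dependency visible if the normalisation is ever moved. Both calls sit in a branch that begins outside these hunks.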