From 65db97b4fa6b03059f2f14f313e07ca799d4ef3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Scharfe?= <l.s.r@web.de>
Date: Sat, 30 Oct 2021 19:07:38 +0200
Subject: gpg-interface: avoid buffer overrun in parse_ssh_output()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If the string "key" we found in the output of ssh-keygen happens to be
located at the very end of the line, then going four characters further
leaves us beyond the end of the string.  Explicitly search for the
space after "key" to handle a missing one gracefully.

Signed-off-by: René Scharfe <l.s.r@web.de>
Acked-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 gpg-interface.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gpg-interface.c')

diff --git a/gpg-interface.c b/gpg-interface.c
index 62d340e78a..3838536f0a 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -409,9 +409,9 @@ static void parse_ssh_output(struct signature_check *sigc)
 		goto cleanup;
 	}
 
-	key = strstr(line, "key");
+	key = strstr(line, "key ");
 	if (key) {
-		sigc->fingerprint = xstrdup(strstr(line, "key") + 4);
+		sigc->fingerprint = xstrdup(strstr(line, "key ") + 4);
 		sigc->key = xstrdup(sigc->fingerprint);
 	} else {
 		/*
-- 
cgit v1.2.3