See the patch attached.
It was originally reported as a bug against the Perl wrapping model
Net::SSH2 here: https://rt.cpan.org/Ticket/Display.html?id=90800.
From 53135ab1fdc319b613b027fa4e63586c67c4438e Mon Sep 17 00:00:00 2001
From: Salvador Fandiño <[email protected]>
Date: Sun, 23 Aug 2015 20:49:01 +0200
Subject: [PATCH] Fix off by one error when reading public key file.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
After reading the public key from file the size was incorrectly decremented by one.
This was usually a harmless error as the last character on the public key file is an
unimportant EOL. But if due to some error the public key file is empty, the public
key size becomes (uint)(0 - 1), resulting in an unrecoverable out of memory error
later.
Signed-off-by: Salvador Fandiño <[email protected]>
---
src/userauth.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/userauth.c b/src/userauth.c
index 96c7e02..67bb9d2 100644
--- a/src/userauth.c
+++ b/src/userauth.c
@@ -546,10 +546,6 @@ file_read_publickey(LIBSSH2_SESSION * session, unsigned char **method,
while (!feof(fd) && 1 == fread(&c, 1, 1, fd) && c != '\r' && c != '\n') {
pubkey_len++;
}
- if (feof(fd)) {
- /* the last character was EOF */
- pubkey_len--;
- }
rewind(fd);
if (pubkey_len <= 1) {
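Review bot: With the `if (feof(fd))` block removed, the `pubkey_len <= 1` test after `rewind(fd)` becomes the only guard against an empty or one-byte first line, so it deserves a short comment saying why it is now sufficient: `pubkey_len++` runs only after a successful `fread` of a non-EOL byte, so the count never includes EOF and can no longer go below zero. Separately, the `while` condition treats a short `fread` the same whether it was caused by EOF or by a read error; an `ferror(fd)` check after the loop would keep an I/O failure from being handled as a short key. A regression test with an empty file and another with a key line that has no trailing newline would cover both inputs on which the removed decrement fired.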
--
2.1.4