From 2331900d1cc022c04177272a51c00690229bb989 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 28 Jan 2022 19:59:11 +0100 Subject: [PATCH] ssh: Fix adding an ed25519 key with a zero length comment. * agent/command-ssh.c (sexp_key_construct): Do not put an empty string into an S-expression. (stream_read_string): Do not not try to a read a zero length block. -- Actually we could handles this different by not putting a comment tag into the s-expression, however this requires more code and at other places we already return "(none)" instead of an empty comment. The second fix is more or less a cosmetic thing to get better error messages in case the underlying read system call returns an error. GnuPG-bug-id: 5794 --- agent/command-ssh.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 1ed541621..6836fb2e9 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -613,7 +613,7 @@ stream_read_string (estream_t stream, unsigned int secure, } /* Read data. */ - err = stream_read_data (stream, buffer, length); + err = length? stream_read_data (stream, buffer, length) : 0; if (err) goto out; @@ -623,7 +623,7 @@ stream_read_string (estream_t stream, unsigned int secure, } else /* Dummy read requested. */ { - err = stream_read_skip (stream, length); + err = length? stream_read_skip (stream, length) : 0; if (err) goto out; } @@ -1725,6 +1725,11 @@ sexp_key_construct (gcry_sexp_t *r_sexp, estream_t format = NULL; char *algo_name = NULL; + /* We can't encode an empty string in an S-expression, thus to keep + * the code simple we use "(none)" instead. */ + if (!comment || !*comment) + comment = "(none)"; + if ((key_spec.flags & SPEC_FLAG_IS_EdDSA)) { /* It is much easier and more readable to use a separate code 
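Review bot: The `length?` guard added in front of `stream_read_data` carries no comment, so the reason for skipping a zero-length read is recorded only in the commit message; the same holds for the `stream_read_skip` guard in the following hunk (-623,7). I would add `/* Nothing to read for a zero length string. */` above the first guard, or move the check into the two helpers so that every caller gets it. `length` appears to be taken from the stream, and the buffer allocation lies outside this hunk, so it is worth confirming there that the size derived from `length` is bounded and cannot wrap. The body of stream_read_string starts and ends outside the hunk.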
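Review bot: The `"(none)"` substitution sits before the `SPEC_FLAG_IS_EdDSA` test, so it applies to every key type built by sexp_key_construct and not only to the ed25519 case named in the subject; the function's header comment, which is outside this hunk, should say so. A line such as `An empty or missing COMMENT is replaced by "(none)".` there would be enough. The commit message says other places already return `"(none)"`, so a shared constant would keep those spellings from drifting apart. A supplied comment that is literally `(none)` can then no longer be told apart from a missing one, which looks acceptable but deserves a mention in the same comment.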
@@ -1744,7 +1749,7 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
 "(comment%s))",
 curve_name,
 mpis[0], mpis[1],
- comment? comment:"");
+ comment);
 else
 err = gcry_sexp_build (&sexp_new, NULL,
 "(public-key(ecc(curve %s)"
@@ -1752,7 +1757,8 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
 "(comment%s))",
 curve_name,
 mpis[0],
- comment? comment:"");
+ comment);
+
 }
 else
 {
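Review bot: With the `comment? comment:""` fallback removed here and in the next hunk (-1752,7), both `gcry_sexp_build` calls rely on the guard added at the top of the function to keep `comment` non-NULL, and that guard is not visible from this branch. A short comment before the first call, for example `/* COMMENT was normalised above and is never NULL or empty here. */`, would protect the `%s` argument against a later edit that moves or drops the guard. The call itself begins outside the hunk.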
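Review bot: The empty line added after `comment);` sits directly before the closing brace of the EdDSA branch and looks unintended. Dropping it would keep this hunk to the one-argument change. The brace closes a block that was opened outside the hunk.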