
ssh: Fix adding an ed25519 key with a zero length comment.

* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not try to read a zero length block.
--

Actually we could handle this differently by not putting a comment tag
into the s-expression; however, this requires more code and at other
places we already return "(none)" instead of an empty comment.

The second fix is more or less a cosmetic thing to get better error
messages in case the underlying read system call returns an error.

GnuPG-bug-id: 5794
Werner Koch 2022-01-28 19:59:11 +01:00
parent 34ea19aff9
commit 934a60de6b
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B


@ -623,7 +623,7 @@ stream_read_string (estream_t stream, unsigned int secure,
}
/* Read data. */
err = stream_read_data (stream, buffer, length);
err = length? stream_read_data (stream, buffer, length) : 0;
if (err)
goto out;
@ -633,7 +633,7 @@ stream_read_string (estream_t stream, unsigned int secure,
}
else /* Dummy read requested. */
{
err = stream_read_skip (stream, length);
err = length? stream_read_skip (stream, length) : 0;
if (err)
goto out;
}
@ -1735,6 +1735,11 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
estream_t format = NULL;
char *algo_name = NULL;
/* We can't encode an empty string in an S-expression, thus to keep
* the code simple we use "(none)" instead. */
if (!comment || !*comment)
comment = "(none)";
if ((key_spec.flags & SPEC_FLAG_IS_EdDSA))
{
/* It is much easier and more readable to use a separate code
@ -1754,7 +1759,7 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
"(comment%s))",
curve_name,
mpis[0], mpis[1],
comment? comment:"");
comment);
else
err = gcry_sexp_build (&sexp_new, NULL,
"(public-key(ecc(curve %s)"
@ -1762,7 +1767,8 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
"(comment%s))",
curve_name,
mpis[0],
comment? comment:"");
comment);
}
else
{
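Review bot: The new default at the top of sexp_key_construct rewrites an empty or NULL comment to the literal `"(none)"` before both branches, so a stored key can no longer tell "no comment" apart from a comment a client really supplied with that text. That deserves a sentence in the function's header comment. Since the commit message says other places already return the same string, a single shared macro for it (name left to the project) would keep the copies from drifting. In stream_read_string the two `length? … : 0` guards have no comment, and `length` is presumably the value read from the peer's stream earlier in the function; a line such as `/* Nothing to read for a zero length string. */` above each would record that the short-circuit is intentional. Both functions start and end outside the visible hunks, so the allocation of `buffer` for a zero `length` and the non-EdDSA branch could not be checked here.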