Fix infinite loop on a truncated RFC4176 public key file.

You could reproduce this, for example, by cutting the final line reading "---- END SSH2 PUBLIC KEY ----" off the end of a file, and feeding it to Unix 'puttygen -l'. rfc4716_loadpub() was looping round on get_chomped_line() until it found a line starting with "-" after the base64 data. But it failed to check for the end of the file as well, so if the data was truncated, it would just keep spinning at the end of the file.
2025-07-02 03:52:49 -05:00 · 2024-08-10 13:39:17 +01:00
parent 81dcace4f1
commit 8005738eaf
2 changed files with 32 additions and 0 deletions
--- a/sshpubk.c
+++ b/sshpubk.c
@ -1096,6 +1096,8 @@ static bool rfc4716_loadpub(BinarySource *src, char **algorithm,
            }
        }
        sfree(line); line = NULL;
+        if (!get_avail(src))
+            break;
        line = mkstr(get_chomped_line(src));
    }