From d04758dc4c001104933ce3e2088ac46d461ec1f1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 12 Jan 2010 19:41:57 +1100 Subject: [PATCH] - djm@cvs.openbsd.org 2010/01/11 10:51:07 [ssh-keygen.c] when converting keys, truncate key comments at 72 chars as per RFC4716; bz#1630 reported by tj AT castaglia.org; ok markus@ --- ChangeLog | 4 ++++ ssh-keygen.c | 12 ++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 74936fa8b..a9ae9ea3e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,10 @@ Do not prompt for a passphrase if we fail to open a keyfile, and log the reason the open failed to debug. bz #1693, found by tj AT castaglia org, ok djm@ + - djm@cvs.openbsd.org 2010/01/11 10:51:07 + [ssh-keygen.c] + when converting keys, truncate key comments at 72 chars as per RFC4716; + bz#1630 reported by tj AT castaglia.org; ok markus@ 20100110 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] diff --git a/ssh-keygen.c b/ssh-keygen.c index 4f90ac5c1..7f5185f8e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.175 2009/08/27 17:33:49 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.176 2010/01/11 10:51:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -181,6 +181,7 @@ do_convert_to_ssh2(struct passwd *pw) Key *k; u_int len; u_char *blob; + char comment[61]; struct stat st; if (!have_identity) @@ -203,11 +204,14 @@ do_convert_to_ssh2(struct passwd *pw) fprintf(stderr, "key_to_blob failed\n"); exit(1); } - fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); - fprintf(stdout, - "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n", + /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ + snprintf(comment, sizeof(comment), + "%u-bit %s, converted by %s@%s from OpenSSH", key_size(k), key_type(k), pw->pw_name, hostname); + + fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); + fprintf(stdout, "Comment: \"%s\"\n", comment); dump_base64(stdout, blob, len); fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); key_free(k);