gpg-interface: avoid buffer overrun in parse_ssh_output()

If the string "key" we found in the output of ssh-keygen happens to be
located at the very end of the line, then going four characters further
leaves us beyond the end of the string.  Explicitly search for the
space after "key" to handle a missing one gracefully.

Signed-off-by: René Scharfe <l.s.r@web.de>
Acked-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/gpg-interface.c b/gpg-interface.c
index 62d340e78a451633cef9fda63b5dc26debb210f0..3838536f0a50b5065cdf70decc9e25107e7e740d 100644 (file)
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -409,9 +409,9 @@ static void parse_ssh_output(struct signature_check *sigc)
                goto cleanup;
        }
 
-       key = strstr(line, "key");
+       key = strstr(line, "key ");
        if (key) {
-               sigc->fingerprint = xstrdup(strstr(line, "key") + 4);
+               sigc->fingerprint = xstrdup(strstr(line, "key ") + 4);
                sigc->key = xstrdup(sigc->fingerprint);
        } else {
                /*