On Friday, October 12, 2018 3:53:32 PM CEST Tilo Eckert wrote:
> Hi,
Hi Tilo,
> two patches are attached.
>
> The first one fixes an invalid read when parsing lines from the
> known_hosts file, which was introduced by commit 21962d. The bug causes
> host keys sent by the server to be randomly rejected. For the average
> known_hosts line, the tokens array in ssh_get_knownhost_line() contains
> four tokens, with tokens[3]=NULL. However, tokens[4] is accessed for
> token validation, which is beyond the end of the tokens array, resulting
> in valid host lines being dropped randomly.
>
> The patch completely removes the related check because the optional
> comment field may contain whitespace which would result in an arbitrary
> number of tokens. Hence, token count >= 3 implies a correctly formatted
> known_hosts line.
Thanks. You should use the *new* API for known_hosts :-) I will mark the old
API as deprecated in master.
>
> The other patch fixes a type re-declaration issue which causes errors on
> some compilers.
I will push to master and stable-0.8 as soon as it passes CI.
Andreas
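
The bounds issue described in the quoted report, as an added example that is not part of this thread and not libssh code: a tokenizer that always NULL-terminates its array, and a line check that relies on the token count instead of reading a fixed index past the terminator. The function names, MAX_TOKENS, the buffer size and the sample lines are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TOKENS 16  /* assumed cap for this sketch */
#define WS " \t\r\n"

/* Split buf in place; tokens[] always ends with a NULL terminator. */
static size_t split_tokens(char *buf, char *tokens[MAX_TOKENS + 1])
{
    size_t n = 0;
    char *p = buf;

    while (n < MAX_TOKENS) {
        p += strspn(p, WS);            /* skip leading whitespace */
        if (*p == '\0') break;
        tokens[n++] = p;
        p += strcspn(p, WS);           /* advance to end of token */
        if (*p == '\0') break;
        *p++ = '\0';
    }
    tokens[n] = NULL;                  /* valid indices are 0..n only */
    return n;
}

/* Token count of one line, or -1 if it does not fit the local buffer. */
int known_hosts_token_count(const char *line)
{
    char buf[1024];
    char *tokens[MAX_TOKENS + 1];
    size_t len = strlen(line);

    if (len >= sizeof(buf)) return -1;
    memcpy(buf, line, len + 1);
    return (int)split_tokens(buf, tokens);
}

/* Host, key type and key are required; comment words are optional. */
int known_hosts_line_ok(const char *line)
{
    return known_hosts_token_count(line) >= 3;
}

int main(void)
{
    /* Constructed sample lines, not real host keys. */
    printf("%d\n", known_hosts_line_ok("host.example ssh-ed25519 AAAAconstructed"));
    printf("%d\n", known_hosts_line_ok("host.example ssh-ed25519 AAAAconstructed alice laptop"));
    printf("%d\n", known_hosts_line_ok("host.example ssh-ed25519"));
    return 0;
}
```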