#164: Knownhost API handles comments badly
-----------------------+----------------------------------------------------
Reporter: alamaison | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: API | Version: 1.2.4
Keywords: knownhost | Blocking:
Blockedby: |
-----------------------+----------------------------------------------------
OpenSSH-format known_hosts lines can include a comment after the key,
e.g.:
{{{
host2.example.com,10.0.0.1 ssh-rsa AAAAB3NzsnipAfglyt5/w== comment
}}}
libssh2 treats this comment as part of the key rather than a separate
entry. The most annoying consequence of this is that
`libssh2_knownhost_check` always finds a mismatch if the key has a comment
(as server hostkeys don't have comments).
Fixing this properly for the knownhost API would require an ABI change but
I propose the following fix that takes care of `libssh2_knownhost_check`:
{{{
#!diff
src/knownhost.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/src/knownhost.c b/src/knownhost.c
index fb0bff5..61ea441 100644
--- a/src/knownhost.c
+++ b/src/knownhost.c
@@ -327,8 +327,11 @@ libssh2_knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
break;
}
if(match) {
+ char* comment = strchr(node->key, ' ');
+
/* host name match, now compare the keys */
- if(!strcmp(key, node->key)) {
+ if((!comment && !strcmp(key, node->key)) ||
+ (comment && !strncmp(key, node->key, comment -
node->key))) {
/* they match! */
*ext = knownhost_to_external(node);
badkey = NULL;
}}}
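Review bot: the `strncmp` branch in the `if(match)` block compares only the first `comment - node->key` bytes, so a `key` that is longer than the stored key but begins with it is accepted as a match. Since this comparison is the host key verification, it should be exact: also require that `key` ends at that offset, for example by adding `key[comment - node->key] == '\0'` after the `strncmp` test (the index is safe to read once `strncmp` has returned 0 for that length). The new requirement that the caller's `key` carries no comment should also be stated in the documentation for `libssh2_knownhost_check`.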
This requires, however, that the key passed to `libssh2_knownhost_check`
doesn't have a comment. Would this break anyone's code? I imagine it's
unlikely as typically the key would have come from
`libssh2_session_hostkey`.
--
Ticket URL: <http://libssh2.stuge.se/ticket/164>
libssh2 <http://libssh2.stuge.se/>
C library for writing portable SSH2 clients
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-07
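The line layout described in the ticket, as an added example (not libssh2 code and not part of the original report): a stand-alone C program that splits a known_hosts line into hosts, key type, key and comment, then compares the key field by exact length and content. The names `kh_fields`, `kh_split` and `kh_key_equal` are hypothetical, and it assumes plain lines with no marker prefix.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libssh2 API): fields of one line, pointing into it. */
struct kh_fields {
    const char *hosts, *type, *key, *comment;
    size_t hosts_len, type_len, key_len, comment_len;
};

/* Read one whitespace-delimited token starting at *p; returns its length. */
static size_t next_token(const char **p, const char **tok)
{
    *p += strspn(*p, " \t");
    *tok = *p;
    *p += strcspn(*p, " \t\r\n");
    return (size_t)(*p - *tok);
}

/* Split "hosts keytype base64key [comment]"; -1 if a mandatory field is missing. */
int kh_split(const char *line, struct kh_fields *f)
{
    const char *p = line;
    f->hosts_len = next_token(&p, &f->hosts);
    f->type_len = next_token(&p, &f->type);
    f->key_len = next_token(&p, &f->key);
    if(!f->hosts_len || !f->type_len || !f->key_len) return -1;
    p += strspn(p, " \t");
    f->comment = p;                        /* the comment may contain spaces */
    f->comment_len = strcspn(p, "\r\n");
    return 0;
}

/* Exact match: equal length and bytes, so a longer key sharing the prefix fails. */
int kh_key_equal(const struct kh_fields *f, const char *presented)
{
    return strlen(presented) == f->key_len &&
           memcmp(presented, f->key, f->key_len) == 0;
}

int main(void)
{
    /* Sample line from the ticket; the key is abbreviated there. */
    const char *line = "host2.example.com,10.0.0.1 ssh-rsa AAAAB3NzsnipAfglyt5/w== comment\n";
    struct kh_fields f;
    if(kh_split(line, &f) == 0)
        printf("match=%d comment=%.*s\n", kh_key_equal(&f, "AAAAB3NzsnipAfglyt5/w=="),
               (int)f.comment_len, f.comment);
    return 0;
}
```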