commit ddb085b36df4a5358dbeb2299c813826f34d39be
from: Stefan Sperling <stsp@stsp.name>
via: Thomas Adam <thomas@xteddy.org>
date: Sat Jun 21 09:24:15 2025 UTC

fix gotsys-read-conf crash when ssh key comments are missing in gotsys.conf

Add test coverage for this issue.

commit - 9f4ec8bd2a1a84fd3e84353dcf6c047191966022
commit + ddb085b36df4a5358dbeb2299c813826f34d39be
blob - 9797f0e5ee96f68cc636be912ebe401e51ecd6c4
blob + 8b98215c12131cb98aac281679ad496bd5ba8b09
--- lib/gotsys_imsg.c
+++ lib/gotsys_imsg.c
@@ -456,12 +456,15 @@ gotsys_imsg_send_authorized_keys(struct gotsysd_imsgev
 			    "authorized key too long: %s:", k->key);
 		}
 
-		commentlen = strlen(k->comment);
-		if (commentlen > GOTSYS_AUTHORIZED_KEY_MAXLEN) {
-			return got_error_fmt(GOT_ERR_NO_SPACE,
-			    "authorized key comment too long: %s:",
-			    k->comment);
-		}
+		if (k->comment) {
+			commentlen = strlen(k->comment);
+			if (commentlen > GOTSYS_AUTHORIZED_KEY_MAXLEN) {
+				return got_error_fmt(GOT_ERR_NO_SPACE,
+				    "authorized key comment too long: %s:",
+				    k->comment);
+			}
+		} else
+			commentlen = 0;
 
 		klen = typelen + datalen + commentlen;
 		if (klen > GOTSYS_AUTHORIZED_KEY_MAXLEN) {
@@ -481,7 +484,7 @@ gotsys_imsg_send_authorized_keys(struct gotsysd_imsgev
 
 		ikey.keytype_len = strlen(k->keytype);
 		ikey.keydata_len = strlen(k->key);
-		ikey.comment_len = strlen(k->comment);
+		ikey.comment_len = k->comment ? strlen(k->comment) : 0;
 
 		klen = ikey.keytype_len + ikey.keydata_len + ikey.comment_len;
 
@@ -512,7 +515,8 @@ gotsys_imsg_send_authorized_keys(struct gotsysd_imsgev
 		if (imsg_add(wbuf, k->key, ikey.keydata_len) == -1)
 			return got_error_from_errno_fmt("imsg_add %d",
 			    imsg_type);
-		if (imsg_add(wbuf, k->comment, ikey.comment_len) == -1)
+		if (ikey.comment_len > 0 &&
+		    imsg_add(wbuf, k->comment, ikey.comment_len) == -1)
 			return got_error_from_errno_fmt("imsg_add %d",
 			    imsg_type);
 
blob - c383909160e6f6ab6021c5e3f37c1f351274673f
blob + 1ad6b1fd130557ddf6737ba042b5a736717e0cfb
--- regress/gotsysd/test_gotsysd.sh
+++ regress/gotsysd/test_gotsysd.sh
@@ -292,7 +292,8 @@ test_user_mod() {
 
 	crypted_vm_pw=`echo ${GOTSYSD_VM_PASSWORD} | encrypt | tr -d '\n'`
 	crypted_pw=`echo ${GOTSYSD_DEV_PASSWORD}1234 | encrypt | tr -d '\n'`
-	sshkey=`cat ${GOTSYSD_SSH_PUBKEY}`
+	# strip the optional ssh key comment for better test coverage
+	sshkey=`cat ${GOTSYSD_SSH_PUBKEY} | cut -d' ' -f 1,2`
 	cat > ${testroot}/wt/gotsys.conf <<EOF
 user ${GOTSYSD_TEST_USER} {
 	password "${crypted_vm_pw}"