# HG changeset patch
# User Matt Johnston <matt@ucc.asn.au>
# Date 1520432181 -28800
# Node ID dc7c9fdb371667f22bc922807a316a95e139cf88
# Parent  e37f98ea4f24ee895ce2f9b03c0a455d06839c0a
don't allow null characters in authorized_keys

diff -r e37f98ea4f24 -r dc7c9fdb3716 svr-authpubkey.c
--- a/svr-authpubkey.c	Wed Mar 07 22:14:36 2018 +0800
+++ b/svr-authpubkey.c	Wed Mar 07 22:16:21 2018 +0800
@@ -201,7 +201,12 @@
 
 	if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) {
 		TRACE(("checkpubkey_line: bad line length %d", line->len))
-		return DROPBEAR_FAILURE;
+		goto out;
+	}
+
+	if (memchr(line->data, 0x0, line->len) != NULL) {
+		TRACE(("checkpubkey_line: bad line has null char"))
+		goto out;
 	}
 
 	/* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */