- avsm@cvs.openbsd.org 2003/07/09 13:58:19

[key.c]
     minor tweak: when generating the hex fingerprint, give strlcat the full
     bound to the buffer, and add a comment below explaining why the
     zero-termination is one less than the bound.  markus@ ok

ChangeLog

@@ -7,6 +7,12 @@
    Call setauthdb() before loginfailed(), which may load password registry-
    specific functions.  Based on patch by cawlfiel@us.ibm.com.
  - (dtucker) [port-aix.h] Fix prototypes.
+ - (dtucker) OpenBSD CVS Sync
+   - avsm@cvs.openbsd.org 2003/07/09 13:58:19
+     [key.c]
+     minor tweak: when generating the hex fingerprint, give strlcat the full
+     bound to the buffer, and add a comment below explaining why the
+     zero-termination is one less than the bound.  markus@ ok
 
 20030708
  - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
@@ -680,4 +686,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.2853 2003/07/14 06:43:42 dtucker Exp $
+$Id: ChangeLog,v 1.2854 2003/07/14 07:28:34 dtucker Exp $

key.c

@@ -32,7 +32,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.53 2003/06/24 08:23:46 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.54 2003/07/09 13:58:19 avsm Exp $");
 
 #include <openssl/evp.h>
 
@@ -236,8 +236,10 @@ key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
 	for (i = 0; i < dgst_raw_len; i++) {
 		char hex[4];
 		snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
-		strlcat(retval, hex, dgst_raw_len * 3);
+		strlcat(retval, hex, dgst_raw_len * 3 + 1);
 	}
+
+	/* Remove the trailing ':' character */
 	retval[(dgst_raw_len * 3) - 1] = '\0';
 	return retval;
 }