- djm@cvs.openbsd.org 2010/01/11 10:51:07

[ssh-keygen.c]
     when converting keys, truncate key comments at 72 chars as per RFC4716;
     bz#1630 reported by tj AT castaglia.org; ok markus@

ChangeLog

@@ -11,6 +11,10 @@
      Do not prompt for a passphrase if we fail to open a keyfile, and log the
      reason the open failed to debug.
      bz #1693, found by tj AT castaglia org, ok djm@
+   - djm@cvs.openbsd.org 2010/01/11 10:51:07
+     [ssh-keygen.c]
+     when converting keys, truncate key comments at 72 chars as per RFC4716;
+     bz#1630 reported by tj AT castaglia.org; ok markus@
 
 20100110
  - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]

ssh-keygen.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.175 2009/08/27 17:33:49 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.176 2010/01/11 10:51:07 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -181,6 +181,7 @@ do_convert_to_ssh2(struct passwd *pw)
 	Key *k;
 	u_int len;
 	u_char *blob;
+	char comment[61];
 	struct stat st;
 
 	if (!have_identity)
@@ -203,11 +204,14 @@ do_convert_to_ssh2(struct passwd *pw)
 		fprintf(stderr, "key_to_blob failed\n");
 		exit(1);
 	}
-	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
+	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
-	fprintf(stdout,
+	snprintf(comment, sizeof(comment),
-	    "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n",
+	    "%u-bit %s, converted by %s@%s from OpenSSH",
 	    key_size(k), key_type(k),
 	    pw->pw_name, hostname);
+
+	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
+	fprintf(stdout, "Comment: \"%s\"\n", comment);
 	dump_base64(stdout, blob, len);
 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
 	key_free(k);