From 5dd42dfa2205fc3108689ef80542181e9e5da336 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 26 Jan 2024 15:06:17 +0100
Subject: [PATCH] examples: Avoid buffer overrun

and provide helpful warning message

CID 1533680:  Memory - illegal accesses  (OVERRUN)

Thanks coverity

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 examples/ssh_server.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/examples/ssh_server.c b/examples/ssh_server.c
index 3e9f344b..faf5e003 100644
--- a/examples/ssh_server.c
+++ b/examples/ssh_server.c
@@ -531,6 +531,14 @@ static int auth_publickey(ssh_session session,
             }
         }
 
+        if (i >= AUTH_KEYS_MAX_LINE_SIZE) {
+            fprintf(stderr,
+                    "warning: The line %d in %s too long! Skipping.\n",
+                    lineno,
+                    authorizedkeys);
+            continue;
+        }
+
         if (p[i] == '#' || p[i] == '\0' || p[i] == '\n') {
             continue;
         }
@@ -545,7 +553,16 @@ static int auth_publickey(ssh_session session,
 
         type = ssh_key_type_from_name(q);
 
-        q = &p[i + 1];
+        i++;
+        if (i >= AUTH_KEYS_MAX_LINE_SIZE) {
+            fprintf(stderr,
+                    "warning: The line %d in %s too long! Skipping.\n",
+                    lineno,
+                    authorizedkeys);
+            continue;
+        }
+
+        q = &p[i];
         for (; i < AUTH_KEYS_MAX_LINE_SIZE; i++) {
             if (isspace((int)p[i])) {
                 p[i] = '\0';