commit ec1fa0b0da154b298ffc00a08526894f2d1f8ef0
from: Omar Polo <op@omarpolo.com>
date: Sun Apr 25 16:49:28 2021 UTC

don't crash on invalid known_hosts file

commit - 5bb34a320d3d3f0e5198a6539caf9a0facb10a6d
commit + ec1fa0b0da154b298ffc00a08526894f2d1f8ef0
blob - 29eb896eea48da05f013fe9449898d56ba85677d
blob + f1d91bbbe7efedd85f36c3a3127776239806b287
--- ChangeLog
+++ ChangeLog
@@ -1,5 +1,7 @@
 2021-04-25  Omar Polo  <op@omarpolo.com>
 
+	* fs.c (load_certs): don't crash on invalid lines in known_hosts
+
 	* hash.c (telescope_lookup_tofu): save certificates per (host, port) tuple, not only per-host
 
 	* configure.ac: tagged 0.1.1
blob - 7829dd7f866afdc5f93a6096c0baa5eb5343e1c8
blob + 621124461c99bd05185e3c57e702f13921ee5b2d
--- fs.c
+++ fs.c
@@ -268,7 +268,7 @@ load_certs(struct ohash *h)
 	char		*p, *last, *el, *line = NULL;
 	const char	*errstr;
 	int		 i;
-	size_t		 linesize = 0;
+	size_t		 lineno = 0, linesize = 0;
 	ssize_t		 linelen;
 	FILE		*f;
 	struct tofu_entry *e;
@@ -280,15 +280,14 @@ load_certs(struct ohash *h)
 		if ((e = calloc(1, sizeof(*e))) == NULL)
 			abort();
 
+		lineno++;
 		i = 0;
                 for ((p = strtok_r(line, " ", &last)); p;
 		    (p = strtok_r(NULL, " ", &last))) {
-			if (*p == '\n') {
-				free(e);
+			if (*p == '\n')
 				break;
-			}
 
-			switch (i) {
+			switch (i++) {
 			case 0:
 				strlcpy(e->domain, p, sizeof(e->domain));
 				break;
@@ -297,7 +296,7 @@ load_certs(struct ohash *h)
 				break;
 			case 2:
 				if ((el = strchr(p, '\n')) == NULL)
-					abort();
+					break;
 				*el = '\0';
 
 				/* 0 <= verified <= 1 */
@@ -306,17 +305,17 @@ load_certs(struct ohash *h)
 					errx(1, "verification for %s is %s: %s",
 					    e->domain, errstr, p);
 				break;
-			default:
-				abort();
 			}
-			i++;
 		}
 
 		if (i != 0 && i != 3)
-			abort();
+			warnx("%s:%zu invalid entry",
+			    known_hosts_file, lineno);
 
-		if (i != 0)
+		if (i == 3)
 			tofu_add(h, e);
+		else
+			free(e);
 	}
 
 	free(line);