commit d77bec5ef230c9b6f65f6e2c10ed84ffc379ae22
from: Stefan Sperling <stsp@stsp.name>
date: Thu Jun  5 14:33:54 2025 UTC

fix gotsys-read-conf crash when ssh key comments are missing in gotsys.conf

Add test coverage for this issue.

commit - 8c3d2a37a5bc641f77f3b9b05b64a7be841a9450
commit + d77bec5ef230c9b6f65f6e2c10ed84ffc379ae22
blob - 58b5c39c8106660a557c87b8ece84046cd2dbadf
blob + 903425a0f1f8ea6005fc5ffad6442d81d2bc73f7
--- lib/gotsys_imsg.c
+++ lib/gotsys_imsg.c
@@ -456,12 +456,15 @@ gotsys_imsg_send_authorized_keys(struct gotsysd_imsgev
 			    "authorized key too long: %s:", k->key);
 		}
 
-		commentlen = strlen(k->comment);
-		if (commentlen > GOTSYS_AUTHORIZED_KEY_MAXLEN) {
-			return got_error_fmt(GOT_ERR_NO_SPACE,
-			    "authorized key comment too long: %s:",
-			    k->comment);
-		}
+		if (k->comment) {
+			commentlen = strlen(k->comment);
+			if (commentlen > GOTSYS_AUTHORIZED_KEY_MAXLEN) {
+				return got_error_fmt(GOT_ERR_NO_SPACE,
+				    "authorized key comment too long: %s:",
+				    k->comment);
+			}
+		} else
+			commentlen = 0;
 
 		klen = typelen + datalen + commentlen;
 		if (klen > GOTSYS_AUTHORIZED_KEY_MAXLEN) {
@@ -481,7 +484,7 @@ gotsys_imsg_send_authorized_keys(struct gotsysd_imsgev
 
 		ikey.keytype_len = strlen(k->keytype);
 		ikey.keydata_len = strlen(k->key);
-		ikey.comment_len = strlen(k->comment);
+		ikey.comment_len = k->comment ? strlen(k->comment) : 0;
 
 		klen = ikey.keytype_len + ikey.keydata_len + ikey.comment_len;
 
@@ -512,7 +515,8 @@ gotsys_imsg_send_authorized_keys(struct gotsysd_imsgev
 		if (imsg_add(wbuf, k->key, ikey.keydata_len) == -1)
 			return got_error_from_errno_fmt("imsg_add %d",
 			    imsg_type);
-		if (imsg_add(wbuf, k->comment, ikey.comment_len) == -1)
+		if (ikey.comment_len > 0 &&
+		    imsg_add(wbuf, k->comment, ikey.comment_len) == -1)
 			return got_error_from_errno_fmt("imsg_add %d",
 			    imsg_type);
 
blob - 9ab2945ef4f0d7684ff35c3c3ec60abe54b149c5
blob + da2ba9e791a56f80f6a789fb2fae102adc6501aa
--- regress/gotsysd/test_gotsysd.sh
+++ regress/gotsysd/test_gotsysd.sh
@@ -292,7 +292,8 @@ test_user_mod() {
 
 	crypted_vm_pw=`echo ${GOTSYSD_VM_PASSWORD} | encrypt | tr -d '\n'`
 	crypted_pw=`echo ${GOTSYSD_DEV_PASSWORD}1234 | encrypt | tr -d '\n'`
-	sshkey=`cat ${GOTSYSD_SSH_PUBKEY}`
+	# strip the optional ssh key comment for better test coverage
+	sshkey=`cat ${GOTSYSD_SSH_PUBKEY} | cut -d' ' -f 1,2`
 	cat > ${testroot}/wt/gotsys.conf <<EOF
 user ${GOTSYSD_TEST_USER} {
 	password "${crypted_vm_pw}"