From 19df6a5d2ed220e6236aa1c921b7abdeba233dd1 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 22 May 2024 21:13:31 +0200 Subject: [PATCH] SSH: sanity check to please coverity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: ``` Error: INTEGER_OVERFLOW (CWE-190): sssd-2.10.0/src/util/sss_ssh.c:195:13: underflow: The decrement operator on the unsigned variable ""len"" might result in an underflow. sssd-2.10.0/src/util/sss_ssh.c:204:9: overflow_sink: ""len"", which might have underflowed, is passed to ""memcpy(out, pubkey->data, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.] # 202| } # 203| # 204|-> memcpy(out, pubkey->data, len); # 205| out[len] = '\0'; # 206| } ``` Reviewed-by: Alejandro López Reviewed-by: Justin Stephenson Reference: https://github.com/SSSD/sssd/commit/19df6a5d2ed220e6236aa1c921b7abdeba233dd1 Conflict: NA --- src/util/sss_ssh.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/util/sss_ssh.c b/src/util/sss_ssh.c index 9df397873..f9c0918fd 100644 --- a/src/util/sss_ssh.c +++ b/src/util/sss_ssh.c @@ -191,6 +191,10 @@ sss_ssh_format_pubkey(TALLOC_CTX *mem_ctx, } len = pubkey->data_len; + if (len == 0) { + ret = EINVAL; + goto done; + } if (pubkey->data[len - 1] == '\n') { len--; } -- 2.33.0
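Review bot: the new `if (len == 0)` guard in `sss_ssh_format_pubkey()` covers only an empty `data_len`. A key whose data is the single byte '\n' (len == 1) still passes it and reaches `len--`, leaving `len` at 0. As far as the quoted lines 204-205 show, `memcpy(out, pubkey->data, len)` then copies nothing and `out[len] = '\0'` yields an empty key string with no error. If an empty key body is invalid input here, keep this guard and repeat the same `len == 0` check after the newline strip so both cases return EINVAL. Separately, the subject says the check is "to please coverity", but it also stops `pubkey->data[len - 1]` from indexing before the buffer when `data_len` is 0. A one-line comment above the guard saying so would keep it from being removed later as analyzer-only noise.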