Fix a segfault in parsing OpenSSH private key files.

The initial test for a line ending with "PRIVATE KEY-----" failed to
take into account the possibility that the line might be shorter than
that. Fixed by introducing a new library function strendswith(), and
strstartswith() for good measure, and using that.

Thanks to Hanno Böck for spotting this, with the aid of AFL.

import.c

@@ -383,8 +383,8 @@ static struct openssh_pem_key *load_openssh_pem_key(const Filename *filename,
 	goto error;
     }
     strip_crlf(line);
-    if (0 != strncmp(line, "-----BEGIN ", 11) ||
-	0 != strcmp(line+strlen(line)-16, "PRIVATE KEY-----")) {
+    if (!strstartswith(line, "-----BEGIN ") ||
+        !strendswith(line, "PRIVATE KEY-----")) {
 	errmsg = "file does not begin with OpenSSH key header";
 	goto error;
     }
@@ -421,8 +421,8 @@ static struct openssh_pem_key *load_openssh_pem_key(const Filename *filename,
 	    goto error;
 	}
 	strip_crlf(line);
-	if (0 == strncmp(line, "-----END ", 9) &&
-	    0 == strcmp(line+strlen(line)-16, "PRIVATE KEY-----")) {
+	if (strstartswith(line, "-----END ") &&
+	    strendswith(line, "PRIVATE KEY-----")) {
             sfree(line);
             line = NULL;
 	    break;		       /* done */

misc.c

@@ -1087,3 +1087,14 @@ int get_ssh_uint32(int *datalen, const void **data, unsigned *ret)
     *data = (const char *)*data + 4;
     return TRUE;
 }
+
+int strstartswith(const char *s, const char *t)
+{
+    return !memcmp(s, t, strlen(t));
+}
+
+int strendswith(const char *s, const char *t)
+{
+    size_t slen = strlen(s), tlen = strlen(t);
+    return slen >= tlen && !strcmp(s + (slen - tlen), t);
+}

misc.h

@@ -52,6 +52,8 @@ int toint(unsigned);
 
 char *fgetline(FILE *fp);
 char *chomp(char *str);
+int strstartswith(const char *s, const char *t);
+int strendswith(const char *s, const char *t);
 
 void base64_encode_atom(const unsigned char *data, int n, char *out);
 int base64_decode_atom(const char *atom, unsigned char *out);