===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.134
retrieving revision 1.137
diff -u -r1.134 -r1.137
--- src/usr.bin/ssh/ssh-keygen.c	2005/11/28 05:16:53	1.134
+++ src/usr.bin/ssh/ssh-keygen.c	2006/03/13 08:43:16	1.137
@@ -12,8 +12,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.134 2005/11/28 05:16:53 dtucker Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.137 2006/03/13 08:43:16 dtucker Exp $");
 
+#include <sys/types.h>
+#include <sys/stat.h>
+
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 
@@ -302,13 +305,42 @@
 	return key;
 }
 
+static int
+get_line(FILE *fp, char *line, size_t len)
+{
+	int c;
+	size_t pos = 0;
+
+	line[0] = '\0';
+	while ((c = fgetc(fp)) != EOF) {
+		if (pos >= len - 1) {
+			fprintf(stderr, "input line too long.\n");
+			exit(1);
+		}
+		switch(c) {
+		case '\r':
+			c = fgetc(fp);
+			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) {
+				fprintf(stderr, "unget: %s\n", strerror(errno));
+				exit(1);
+			}
+			return pos;
+		case '\n':
+			return pos;
+		}
+		line[pos++] = c;
+		line[pos] = '\0';
+	}
+	return pos;
+}
+
 static void
 do_convert_from_ssh2(struct passwd *pw)
 {
 	Key *k;
 	int blen;
 	u_int len;
-	char line[1024], *p;
+	char line[1024];
 	u_char blob[8096];
 	char encoded[8096];
 	struct stat st;
@@ -327,12 +359,8 @@
 		exit(1);
 	}
 	encoded[0] = '\0';
-	while (fgets(line, sizeof(line), fp)) {
-		if (!(p = strchr(line, '\n'))) {
-			fprintf(stderr, "input line too long.\n");
-			exit(1);
-		}
-		if (p > line && p[-1] == '\\')
+	while ((blen = get_line(fp, line, sizeof(line))) != -1) {
+		if (line[blen - 1] == '\\')
 			escaped++;
 		if (strncmp(line, "----", 4) == 0 ||
 		    strstr(line, ": ") != NULL) {
@@ -349,7 +377,6 @@
 			/* fprintf(stderr, "escaped: %s", line); */
 			continue;
 		}
-		*p = '\0';
 		strlcat(encoded, line, sizeof(encoded));
 	}
 	len = strlen(encoded);
@@ -1254,12 +1281,12 @@
 		fprintf(stderr, "unknown key type %s\n", key_type_name);
 		exit(1);
 	}
+	if (bits == 0)
+		bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
 	if (type == KEY_DSA && bits != 1024)
 		fatal("DSA keys must be 1024 bits");
 	if (!quiet)
 		printf("Generating public/private %s key pair.\n", key_type_name);
-	if (bits == 0)
-		bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
 	private = key_generate(type, bits);
 	if (private == NULL) {
 		fprintf(stderr, "key_generate failed");