Merge branch 'rs/ssh-signing-fix'

Fixes to recently merged topic.

* rs/ssh-signing-fix:
  gpg-interface: avoid buffer overrun in parse_ssh_output()
  gpg-interface: handle missing " with " gracefully in parse_ssh_output()

Author: gitster

gpg-interface.c

@@ -387,17 +387,19 @@ static void parse_ssh_output(struct signature_check *sigc)
 	line = to_free = xmemdupz(sigc->output, strcspn(sigc->output, "\n"));
 
 	if (skip_prefix(line, "Good \"git\" signature for ", &line)) {
-		/* Valid signature and known principal */
-		sigc->result = 'G';
-		sigc->trust_level = TRUST_FULLY;
-
 		/* Search for the last "with" to get the full principal */
 		principal = line;
 		do {
 			search = strstr(line, " with ");
 			if (search)
 				line = search + 1;
 		} while (search != NULL);
+		if (line == principal)
+			goto cleanup;
+
+		/* Valid signature and known principal */
+		sigc->result = 'G';
+		sigc->trust_level = TRUST_FULLY;
 		sigc->signer = xmemdupz(principal, line - principal - 1);
 	} else if (skip_prefix(line, "Good \"git\" signature with ", &line)) {
 		/* Valid signature, but key unknown */
@@ -407,9 +409,9 @@ static void parse_ssh_output(struct signature_check *sigc)
 		goto cleanup;
 	}
 
-	key = strstr(line, "key");
+	key = strstr(line, "key ");
 	if (key) {
-		sigc->fingerprint = xstrdup(strstr(line, "key") + 4);
+		sigc->fingerprint = xstrdup(strstr(line, "key ") + 4);
 		sigc->key = xstrdup(sigc->fingerprint);
 	} else {
 		/*