gpgsm: Fix import of some CR,LF ternminated certificates

* common/ksba-io-support.c (base64_reader_cb): Detect the END tag and
don't just rely on the padding chars.  This could happen only with
CR+LF termnmated PEM files.  Also move the detection into the invalid
character detection branch for a minor parser speedup.
--

GnuPG-bug-id: 4847
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 6248739799fd4a877529089375e2a4103d33e6f4)

1 files changed, 18 insertions, 8 deletions

diff --git a/common/ksba-io-support.c b/common/ksba-io-support.c
index 5c7fd220c..c7dd81a61 100644
--- a/common/ksba-io-support.c
+++ b/common/ksba-io-support.c
@@ -326,15 +326,25 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
               c = parm->line[parm->readpos++];
               if (c == '\n' || c == ' ' || c == '\r' || c == '\t')
                 continue;
-              if (c == '=')
-                { /* pad character: stop */
-                  if (idx == 1)
-                    buffer[n++] = val;
-                  parm->stop_seen = 1;
-                  break;
-                }
-              if( (c = asctobin[(c2=c)]) == 255 )
+              if ((c = asctobin[(c2=c)]) == 255)
                 {
+                  if (c2 == '=')
+                    { /* pad character: stop */
+                      if (idx == 1)
+                        buffer[n++] = val;
+                      parm->stop_seen = 1;
+                      break;
+                    }
+                  else if (c2 == '-'
+                           && parm->readpos == 1
+                           && parm->readpos-1+9 < parm->linelen
+                           && !strncmp ((char*)parm->line + parm->readpos-1,
+                                        "-----END ", 9))
+                    { /* END line seen (padding was not needed). */
+                      log_debug ("END seen\n");
+                      parm->stop_seen = 1;
+                      break;
+                    }
                   log_error (_("invalid radix64 character %02x skipped\n"),
                              c2);
                   continue;