knownhosts, config: Avoid using MT-unsafe implementations of strtok()

Use the POSIX strtok_r() or equivalent implementations to resolve.

Thanks to @wez1 for the early review.

Fixes #104

Signed-off-by: Gene Oden <goden@fb.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

src/config.c

@@ -890,7 +890,7 @@ ssh_config_parse_line(ssh_session session,
     case SOC_PROTOCOL:
       p = ssh_config_get_str_tok(&s, NULL);
       if (p && *parsing) {
-        char *a, *b;
+        char *a, *b, *save = NULL;
         b = strdup(p);
         if (b == NULL) {
           SAFE_FREE(x);
@@ -900,7 +900,7 @@ ssh_config_parse_line(ssh_session session,
         i = 0;
         ssh_options_set(session, SSH_OPTIONS_SSH2, &i);
 
-        for (a = strtok(b, ","); a; a = strtok(NULL, ",")) {
+        for (a = strtok_r(b, ",", &save); a; a = strtok_r(NULL, ",", &save)) {
           switch (atoi(a)) {
             case 1:
               break;

src/knownhosts.c

@@ -621,6 +621,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
     struct ssh_knownhosts_entry *e = NULL;
     char *known_host = NULL;
     char *p;
+    char *save_tok = NULL;
     enum ssh_keytypes_e key_type;
     int match = 0;
     int rc = SSH_OK;
@@ -631,7 +632,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
     }
 
     /* match pattern for hostname or hashed hostname */
-    p = strtok(known_host, " ");
+    p = strtok_r(known_host, " ", &save_tok);
     if (p == NULL ) {
         free(known_host);
         return SSH_ERROR;
@@ -652,9 +653,11 @@ int ssh_known_hosts_parse_line(const char *hostname,
             match = match_hashed_hostname(hostname, p);
         }
 
-        for (q = strtok(p, ",");
+        save_tok = NULL;
+
+        for (q = strtok_r(p, ",", &save_tok);
              q != NULL;
-             q = strtok(NULL, ",")) {
+             q = strtok_r(NULL, ",", &save_tok)) {
             int cmp;
 
             if (q[0] == '[' && hostname[0] != '[') {
@@ -702,7 +705,9 @@ int ssh_known_hosts_parse_line(const char *hostname,
         goto out;
     }
 
-    p = strtok(known_host, " ");
+    save_tok = NULL;
+
+    p = strtok_r(known_host, " ", &save_tok);
     if (p == NULL ) {
         rc = SSH_ERROR;
         goto out;
@@ -715,7 +720,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
     }
 
     /* pubkey type */
-    p = strtok(NULL, " ");
+    p = strtok_r(NULL, " ", &save_tok);
     if (p == NULL) {
         rc = SSH_ERROR;
         goto out;
@@ -729,7 +734,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
     }
 
     /* public key */
-    p = strtok(NULL, " ");
+    p = strtok_r(NULL, " ", &save_tok);
     if (p == NULL) {
         rc = SSH_ERROR;
         goto out;
@@ -747,7 +752,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
     }
 
     /* comment */
-    p = strtok(NULL, " ");
+    p = strtok_r(NULL, " ", &save_tok);
     if (p != NULL) {
         p = strstr(line, p);
         if (p != NULL) {