From 2ab4f2a018766559252f2c3426a3735f0860ac0d Mon Sep 17 00:00:00 2001
From: Alex Wilson <alex.wilson@joyent.com>
Date: Thu, 11 Oct 2018 17:43:54 -0700
Subject: [PATCH] joyent/node-sshpk#56 md5 fingerprints not quite right
 Reviewed by: Cody Peter Mello <cody.mello@joyent.com>

---
 lib/fingerprint.js  |  9 ++++++++-
 package.json        |  2 +-
 test/fingerprint.js | 16 ++++++++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/lib/fingerprint.js b/lib/fingerprint.js
index 62f3754..4382f60 100644
--- a/lib/fingerprint.js
+++ b/lib/fingerprint.js
@@ -99,10 +99,17 @@ Fingerprint.parse = function (fp, options) {
 		alg = 'md5';
 		if (parts[0].toLowerCase() === 'md5')
 			parts = parts.slice(1);
+		parts = parts.map(function (p) {
+			while (p.length < 2)
+				p = '0' + p;
+			if (p.length > 2)
+				throw (new FingerprintFormatError(fp));
+			return (p);
+		});
 		parts = parts.join('');
 		/*JSSTYLED*/
 		var md5RE = /^[a-fA-F0-9]+$/;
-		if (!md5RE.test(parts) || md5RE.length % 2 !== 0)
+		if (!md5RE.test(parts) || parts.length % 2 !== 0)
 			throw (new FingerprintFormatError(fp));
 		try {
 			hash = Buffer.from(parts, 'hex');
diff --git a/package.json b/package.json
index 4c19aa2..0166efe 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "sshpk",
-  "version": "1.15.0",
+  "version": "1.15.1",
   "description": "A library for finding and using SSH public keys",
   "main": "lib/index.js",
   "scripts": {
diff --git a/test/fingerprint.js b/test/fingerprint.js
index a74b5ac..27d04ca 100644
--- a/test/fingerprint.js
+++ b/test/fingerprint.js
@@ -84,6 +84,18 @@ test('fingerprint matches', function(t) {
 	    'SHA256:PYC9kPVC6J873CSIbfp0LwYeczP/W4ffObNCuDJ1u5w');
 	t.ok(f.matches(k2));
 	t.ok(!f.matches(k1));
+	var f2 = sshpk.parseFingerprint(
+	    '59:a4:61:0e:38:18:9f:0f:28:58:2a:27:f7:65:c5:87');
+	t.ok(f2.matches(k1));
+	t.ok(!f2.matches(k2));
+	var f3 = sshpk.parseFingerprint(
+	    'MD5:59:a4:61:e:38:18:9f:f:28:58:2a:27:f7:65:c5:87');
+	t.ok(f3.matches(k1));
+	t.ok(!f3.matches(k2));
+	var f4 = sshpk.parseFingerprint(
+	    'SHA1:3JP2y/wCv8KnvAunLz7EjcEhKeE');
+	t.ok(f4.matches(k1));
+	t.ok(!f4.matches(k2));
 	t.end();
 });
 
@@ -118,5 +130,9 @@ test('invalid fingerprints', function(t) {
 		var fp = sshpk.parseFingerprint(
 		    '59:a4:61:0e:38:18:9f:0f:28:58:2a:27:f7:65:c5:878');
 	}, sshpk.FingerprintFormatError);
+	t.throws(function () {
+		var fp = sshpk.parseFingerprint(
+		    '59:a46:1:0e:38:18:9f:0f:28:58:2a:27:f7:65:c5:87');
+	}, sshpk.FingerprintFormatError);
 	t.end();
 });