When reading SSH pub key don't assume last character is newline

The code was attempting to strip off any trailing newline and then
calling lstrip() on the rest.

This assumes that the key has a trailing newline. At best this
can cause the last character of the comment to be lost. If there
is no comment it will fail to load the key because it is invalid.

Patch by Félix-Antoine Fortin <felix-antoine.fortin@calculquebec.ca>

https://pagure.io/freeipa/issue/7959

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
Rob Crittenden 2019-06-03 17:54:16 -04:00
parent f606d82024
commit 21777e4ba0

View File

@ -1562,12 +1562,13 @@ def update_ssh_keys(hostname, ssh_dir, create_sshfp):
continue
for line in f:
line = line[:-1].lstrip()
line = line.strip()
if not line or line.startswith('#'):
continue
try:
pubkey = SSHPublicKey(line)
except (ValueError, UnicodeDecodeError):
except (ValueError, UnicodeDecodeError) as e:
logger.debug("Decoding line '%s' failed: %s", line, e)
continue
logger.info("Adding SSH public key from %s", filename)
pubkeys.append(pubkey)