[pve-devel] [PATCH] sub ssh_merge_keys in PVE::Cluster is still not 100% safe. man authorized_keys says you're allowed to use several options in front of the ssh-{rsa, dsa} string.

[Stefan Priebe]

Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
---
 data/PVE/Cluster.pm |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 3387fc8..78a7006 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1021,9 +1021,8 @@ sub ssh_merge_keys {
     my $vhash = {};
     my @lines = split(/\n/, $data);
     foreach my $line (@lines) {
-	if ($line =~ m/^ssh-rsa\s+(\S+)\s+\S+$/) {
-            next if $vhash->{$1};
-            $vhash->{$1} = 1;
+	if ($line !~ /^#/ && $line =~ m/(^|\s)ssh-(rsa|dsa)\s+(\S+)\s+\S+$/) {
+            next if $vhash->{$3}++;
 	}
 	$newdata .= "$line\n";
     }
-- 
1.7.2.5