[pve-devel] [PATCH] sub ssh_merge_keys in PVE::Cluster is still not 100% safe. man authorized_keys says you're allowed to use several options in front of the ssh-{rsa, dsa} string.
Stefan Priebe
s.priebe at profihost.ag
Fri Nov 2 09:04:24 CET 2012
Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
---
data/PVE/Cluster.pm | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 3387fc8..78a7006 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1021,9 +1021,8 @@ sub ssh_merge_keys {
my $vhash = {};
my @lines = split(/\n/, $data);
foreach my $line (@lines) {
- if ($line =~ m/^ssh-rsa\s+(\S+)\s+\S+$/) {
- next if $vhash->{$1};
- $vhash->{$1} = 1;
+ if ($line !~ /^#/ && $line =~ m/(^|\s)ssh-(rsa|dsa)\s+(\S+)\s+\S+$/) {
+ next if $vhash->{$3}++;
}
$newdata .= "$line\n";
}
--
1.7.2.5
More information about the pve-devel
mailing list