From f17f78fa9d28e62793a5f2c7109fc29eeffb0c89 Mon Sep 17 00:00:00 2001
From: James Falcon
Date: Wed, 5 May 2021 10:54:17 -0500
Subject: Add \r\n check for SSH keys in Azure (#889)
See https://bugs.launchpad.net/cloud-init/+bug/1910835
---
 cloudinit/sources/DataSourceAzure.py | 3 +++
 tests/unittests/test_datasource/test_azure.py | 12 ++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index c0025c7b..2f3390c3 100755
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -1551,6 +1551,9 @@ def _key_is_openssh_formatted(key):
 """
 Validate whether or not the key is OpenSSH-formatted.
 """
+ # See https://bugs.launchpad.net/cloud-init/+bug/1910835
+ if '\r\n' in key.strip():
+ return False
 parser = ssh_util.AuthKeyLineParser()
 try:
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
index f8433690..742d1faa 100644
--- a/tests/unittests/test_datasource/test_azure.py
+++ b/tests/unittests/test_datasource/test_azure.py
@@ -1764,6 +1764,18 @@ scbus-1 on xpt0 bus 0
 self.assertEqual(ssh_keys, ["ssh-rsa key1"])
 self.assertEqual(m_parse_certificates.call_count, 0)
+ def test_key_without_crlf_valid(self):
+ test_key = 'ssh-rsa somerandomkeystuff some comment'
+ assert True is dsaz._key_is_openssh_formatted(test_key)
+ def test_key_with_crlf_invalid(self):
+ test_key = 'ssh-rsa someran\r\ndomkeystuff some comment'
+ assert False is dsaz._key_is_openssh_formatted(test_key)
+ def test_key_endswith_crlf_valid(self):
+ test_key = 'ssh-rsa somerandomkeystuff some comment\r\n'
+ assert True is dsaz._key_is_openssh_formatted(test_key)
+
 @mock.patch(
 'cloudinit.sources.helpers.azure.OpenSSLManager.parse_certificates')
 @mock.patch(MOCKPATH + 'get_metadata_from_imds')
--
cgit v1.2.3
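Review bot: The guard added at the top of `_key_is_openssh_formatted` matches only the two-character sequence `\r\n`, so a key with a lone `\n` or `\r` in its middle is still handed to `ssh_util.AuthKeyLineParser()`; whether the parser rejects that is not visible in this hunk. An SSH public key is a single-line value, so any embedded line break is worth rejecting here, for example `stripped = key.strip()` followed by `if '\r' in stripped or '\n' in stripped: return False`. The tests in the second hunk pin only the CRLF cases, so a bare-LF case would need adding alongside. The comment would also read better if it stated the reason next to the link, e.g. `# Keys with an embedded CRLF are not valid OpenSSH keys (LP: #1910835)`. The function body continues past the end of the hunk.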
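Review bot: The three added tests use bare `assert True is ...` / `assert False is ...`, while the context lines just above them use `self.assertEqual(...)`; if these methods sit in the same unittest-style class, `self.assertIs(True, dsaz._key_is_openssh_formatted(test_key))` keeps the identity check and matches the surrounding style. None of the tests says why a trailing CRLF is accepted but an embedded one is not; a one-line docstring such as `"""A trailing CRLF is stripped before the check, so the key stays valid."""` on `test_key_endswith_crlf_valid` would record that. The enclosing class starts outside the hunk.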