summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJames Falcon <TheRealFalcon@users.noreply.github.com>2021-05-05 10:54:17 -0500
committerGitHub <noreply@github.com>2021-05-05 11:54:17 -0400
commitf17f78fa9d28e62793a5f2c7109fc29eeffb0c89 (patch)
tree57d5ba65813dc4eaab81a45918818ed8d70b7eab
parent5f5fa5ee99296b3b1044682c41bab38a32cdccd7 (diff)
downloadvyos-cloud-init-f17f78fa9d28e62793a5f2c7109fc29eeffb0c89.tar.gz
vyos-cloud-init-f17f78fa9d28e62793a5f2c7109fc29eeffb0c89.zip
Add \r\n check for SSH keys in Azure (#889)
See https://bugs.launchpad.net/cloud-init/+bug/1910835
-rwxr-xr-xcloudinit/sources/DataSourceAzure.py3
-rw-r--r--tests/unittests/test_datasource/test_azure.py12
2 files changed, 15 insertions, 0 deletions
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index c0025c7b..2f3390c3 100755
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -1551,6 +1551,9 @@ def _key_is_openssh_formatted(key):
"""
Validate whether or not the key is OpenSSH-formatted.
"""
+ # See https://bugs.launchpad.net/cloud-init/+bug/1910835
+ if '\r\n' in key.strip():
+ return False
parser = ssh_util.AuthKeyLineParser()
try:
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
index f8433690..742d1faa 100644
--- a/tests/unittests/test_datasource/test_azure.py
+++ b/tests/unittests/test_datasource/test_azure.py
@@ -1764,6 +1764,18 @@ scbus-1 on xpt0 bus 0
self.assertEqual(ssh_keys, ["ssh-rsa key1"])
self.assertEqual(m_parse_certificates.call_count, 0)
+ def test_key_without_crlf_valid(self):
+ test_key = 'ssh-rsa somerandomkeystuff some comment'
+ assert True is dsaz._key_is_openssh_formatted(test_key)
+
+ def test_key_with_crlf_invalid(self):
+ test_key = 'ssh-rsa someran\r\ndomkeystuff some comment'
+ assert False is dsaz._key_is_openssh_formatted(test_key)
+
+ def test_key_endswith_crlf_valid(self):
+ test_key = 'ssh-rsa somerandomkeystuff some comment\r\n'
+ assert True is dsaz._key_is_openssh_formatted(test_key)
+
@mock.patch(
'cloudinit.sources.helpers.azure.OpenSSLManager.parse_certificates')
@mock.patch(MOCKPATH + 'get_metadata_from_imds')