Changeset - be839636b6e4
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich (mads) - 5 years ago 2020-10-10 13:11:13
mads@kiilerich.com
Grafted from: 7f89850b6544
ssh: import binascii directly, instead of using it through base64 module

It is unfortunate that the base64 module is leaking its binascii internals in
exception types. We started using binascii through the base64 import in
08af13a090e0, but the import is not public, and pytype thus complains.
1 file changed with 2 insertions and 1 deletions:
kallithea/lib/ssh.py
2
1
0 comments (0 inline, 0 general)
kallithea/lib/ssh.py
Show inline comments
 
@@ -19,12 +19,13 @@
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 

			




	
	
	
		
 
import base64

			




	
	
	
		
 
import binascii

			




	
	
	
		
 
import logging

			




	
	
	
		
 
import re

			




	
	
	
		
 
import struct

			




	
	
	
		
 

			




	
	
	
		
 
from tg.i18n import ugettext as _

			




	
	
	
		
 

			




	
	
		
 
@@ -106,13 +107,13 @@ def parse_pub_key(ssh_key):

			




	
	
	
		
 

			




	
	
	
		
 
    if re.search(r'[^a-zA-Z0-9+/=]', keyvalue):  # make sure b64decode doesn't stop at the first invalid character and skip the rest

			




	
	
	
		
 
        raise SshKeyParseError(_("Invalid SSH key - unexpected characters in base64 part %r") % keyvalue)

			




	
	
	
		
 

			




	
	
	
		
 
    try:

			




	
	
	
		
 
        key_bytes = base64.b64decode(keyvalue)

			




	
	
	
		
 
    except base64.binascii.Error:  # Must be caused by truncation - either "Invalid padding" or "Invalid base64-encoded string: number of data characters (x) cannot be 1 more than a multiple of 4"

			




	
	
	
		
 
    except binascii.Error:  # Must be caused by truncation - either "Invalid padding" or "Invalid base64-encoded string: number of data characters (x) cannot be 1 more than a multiple of 4"

			




	
	
	
		
 
        raise SshKeyParseError(_("Invalid SSH key - base64 part %r seems truncated (it can't be decoded)") % keyvalue)

			




	
	
	
		
 

			




	
	
	
		
 
    # Check key internals to make sure the key wasn't truncated in a way that base64 can decode:

			




	
	
	
		
 
    # Parse and verify key according to https://tools.ietf.org/html/rfc4253#section-6.6

			




	
	
	
		
 
    strings = []

			




	
	
	
		
 
    offset = 0

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: clio-19871
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.
            – Support