Launchpad shouldn't accept malformed ssh keys
Bug #230144 reported by Tom Haddon
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Launchpad itself | Fix Released | Low | Colin Watson | |
Bug Description
As discovered when determining which keys were compromised in the LP DB, we currently seem to accept malformed ssh keys. It would be good to only accept valid ssh keys, and then to remove all invalid ones.
Related branches
lp:~cjwatson/launchpad/reject-bad-ssh-keys
- Maximiliano Bertacchini (community): Approve
- Launchpad code reviewers: Pending requested
Diff: 333 lines (+89/-44)
7 files modified
lib/lp/registry/browser/tests/test_person_webservice.py (+7/-6)
lib/lp/registry/browser/tests/test_sshkey.py (+2/-2)
lib/lp/registry/interfaces/ssh.py (+9/-6)
lib/lp/registry/model/person.py (+13/-3)
lib/lp/registry/tests/test_personset.py (+8/-7)
lib/lp/registry/tests/test_ssh.py (+20/-11)
lib/lp/testing/factory.py (+30/-9)
description: | updated |
Changed in launchpad: | |
status: | Incomplete → Confirmed |
Changed in launchpad-registry: | |
importance: | Undecided → Low |
status: | Confirmed → Triaged |
tags: |
added: ssh removed: registry |
Changed in launchpad: | |
assignee: | nobody → Colin Watson (cjwatson) |
status: | Triaged → In Progress |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
What do you mean by invalid? Invalid as a malformed ssh key? Or vulnerable keys?
If you mean vulnerable, this is being fixed by bug 229986. I've checked with salgado and his patch doesn't check if the key is malformed or somewhat invalid.
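
The following is an added example, not Launchpad's code and not taken from the linked branch: a structural check of the kind the bug description asks for, assuming "malformed" means a line that does not parse as `<type> <base64> [comment]` with a self-consistent key blob (the page does not define it). The names `check_public_key_line`, `MalformedKey` and `make_line` are hypothetical; the check covers three key types and does not tell you whether a key is vulnerable.

```python
import base64
import struct

# Fields that follow the type string in the key blob (RFC 4253, RFC 8709).
FIELDS_AFTER_TYPE = {"ssh-rsa": 2, "ssh-dss": 4, "ssh-ed25519": 1}


class MalformedKey(ValueError):
    """The line is not a structurally valid OpenSSH public key."""


def read_string(blob, offset):
    """Read one uint32-length-prefixed field; return (value, next offset)."""
    if offset + 4 > len(blob):
        raise MalformedKey("truncated length prefix")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise MalformedKey("field runs past end of key data")
    return blob[offset + 4:end], end


def check_public_key_line(line):
    """Return the key type if the line is well-formed, else raise."""
    parts = line.strip().split(None, 2)  # type, base64 data, optional comment
    if len(parts) < 2 or parts[0] not in FIELDS_AFTER_TYPE:
        raise MalformedKey("expected '<known type> <base64> [comment]'")
    declared = parts[0]
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        raise MalformedKey("key data is not valid base64")
    embedded, offset = read_string(blob, 0)
    if embedded != declared.encode("ascii"):
        raise MalformedKey("declared type does not match key data")
    for _ in range(FIELDS_AFTER_TYPE[declared]):
        field, offset = read_string(blob, offset)
        if not field:
            raise MalformedKey("empty key field")
    if offset != len(blob):
        raise MalformedKey("trailing bytes after key data")
    return declared


def make_line(key_type, *fields):
    """Build a constructed sample line for testing (not a usable key)."""
    parts = (key_type.encode("ascii"),) + fields
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "%s %s sample@example" % (key_type, base64.b64encode(blob).decode())
```

The same function can be run over keys that are already stored to list the ones that fail, which is the cleanup the description asks for after upload-time rejection.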