Hanno Böck commited on 2017-03-03 12:22:44
Zeige 2 geänderte Dateien mit 31 Einfügungen und 2 Löschungen.
| ... | ... |
@@ -134,6 +134,33 @@ function verify_shell( $input ) |
| 134 | 134 |
} |
| 135 | 135 |
|
| 136 | 136 |
|
| 137 |
+function filter_ssh_key($key) |
|
| 138 |
+{
|
|
| 139 |
+ $keyparts = explode(" ", trim($key));
|
|
| 140 |
+ |
|
| 141 |
+ if ((count($keyparts) > 3) || (count($keyparts) < 2)) {
|
|
| 142 |
+ system_failure("Ungültiger SSH-Key!");
|
|
| 143 |
+ } |
|
| 144 |
+ |
|
| 145 |
+ if (preg_match("/^[a-z0-9]+-[a-z0-9-]+$/", $keyparts[0]) === 0) {
|
|
| 146 |
+ system_failure("Ungültiger SSH-Key!");
|
|
| 147 |
+ } |
|
| 148 |
+ |
|
| 149 |
+ if (base64_decode($keyparts[1], 1) == false) {
|
|
| 150 |
+ system_failure("Ungültiger SSH-Key!");
|
|
| 151 |
+ } |
|
| 152 |
+ |
|
| 153 |
+ if ((count($keyparts) === 3) && (preg_match("/^[a-z0-9@]+$/", $keyparts[2]) === 0)) {
|
|
| 154 |
+ system_failure("Ungültiger SSH-Key!");
|
|
| 155 |
+ } |
|
| 156 |
+ |
|
| 157 |
+ if (count($keyparts) === 2) {
|
|
| 158 |
+ return $keyparts[0]." ".$keyparts[1]; |
|
| 159 |
+ } else {
|
|
| 160 |
+ return $keyparts[0]." ".$keyparts[1]." ".$keyparts[2]; |
|
| 161 |
+ } |
|
| 162 |
+} |
|
| 163 |
+ |
|
| 137 | 164 |
|
| 138 | 165 |
function check_path( $input ) |
| 139 | 166 |
{
|
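Review bot: Both `preg_match` patterns in `filter_ssh_key` end in `$`, which in PCRE also matches just before a trailing newline, and `$keyparts[1]` is validated only by `base64_decode(..., 1)`, which as far as I know skips whitespace even in strict mode. Because `trim()` cleans only the ends of the whole string and the split is on a single space, a key type ending in a newline or a base64 field containing line breaks would pass and be returned unchanged. If the returned value is later written to a line-oriented file such as authorized_keys (not visible on this page), one submitted key could then span several lines. I would anchor the patterns with `\z` (or add the `D` modifier) and check the blob's alphabet before decoding, e.g. `if (preg_match('/^[A-Za-z0-9+\/]+={0,2}\z/', $keyparts[1]) !== 1) { system_failure("Ungültiger SSH-Key!"); }`. Comparing against `!== 1` instead of `=== 0` also makes a PCRE error (return value `false`) fail closed.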
| ... | ... |
@@ -61,9 +61,11 @@ function create_dyndns_account($handle, $password_http, $sshkey) |
| 61 | 61 |
system_failure('Sie müssen entweder einen SSH-Key oder ein Passwort zum Web-Update eingeben.');
|
| 62 | 62 |
|
| 63 | 63 |
$handle = filter_input_username($handle); |
| 64 |
- $sshkey = filter_input_general($sshkey); |
|
| 65 |
- if (strlen($sshkey) == 0) {
|
|
| 64 |
+ |
|
| 65 |
+ if (strlen(trim($sshkey)) == 0) {
|
|
| 66 | 66 |
$sshkey = NULL; |
| 67 |
+ } else {
|
|
| 68 |
+ $sshkey = filter_ssh_key($sshkey); |
|
| 67 | 69 |
} |
| 68 | 70 |
|
| 69 | 71 |
$pwhash = NULL; |
| 70 | 72 |
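Review bot: The empty-key test now trims `$sshkey`, but the "either SSH key or password" guard sits above it, and only its `system_failure` call is visible as the hunk's first line. If that guard tests the untrimmed value, a whitespace-only key with no password gets past it and is then set to NULL here, leaving the account with neither credential. Normalising once before the guard, `$sshkey = trim($sshkey);`, would keep the two checks consistent. `create_dyndns_account` starts above and continues below this hunk, so this needs confirming against the full function.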