Browse code

validiere SSH-Keys korrekt

Hanno Böck authored on03/03/2017 12:22:44
Showing2 changed files
... ...
@@ -134,6 +134,33 @@ function verify_shell( $input )
134 134
 }
135 135
 
136 136
 
137
+function filter_ssh_key($key)
138
+{
139
+  $keyparts = explode(" ", trim($key));
140
+
141
+  if ((count($keyparts) > 3) || (count($keyparts) < 2)) {
142
+    system_failure("Ungültiger SSH-Key!");
143
+  }
144
+
145
+  if (preg_match("/^[a-z0-9]+-[a-z0-9-]+$/", $keyparts[0]) === 0) {
146
+    system_failure("Ungültiger SSH-Key!");
147
+  }
148
+
149
+  if (base64_decode($keyparts[1], 1) == false) {
150
+    system_failure("Ungültiger SSH-Key!");
151
+  }
152
+
153
+  if ((count($keyparts) === 3) && (preg_match("/^[a-z0-9@]+$/", $keyparts[2]) === 0)) {
154
+    system_failure("Ungültiger SSH-Key!");
155
+  }
156
+
157
+  if (count($keyparts) === 2) {
158
+    return $keyparts[0]." ".$keyparts[1];
159
+  } else {
160
+    return $keyparts[0]." ".$keyparts[1]." ".$keyparts[2];
161
+  }
162
+}
163
+
137 164
 
138 165
 function check_path( $input )
139 166
 {
... ...
@@ -61,9 +61,11 @@ function create_dyndns_account($handle, $password_http, $sshkey)
61 61
     system_failure('Sie müssen entweder einen SSH-Key oder ein Passwort zum Web-Update eingeben.');  
62 62
 
63 63
   $handle = filter_input_username($handle);
64
-  $sshkey = filter_input_general($sshkey);
65
-  if (strlen($sshkey) == 0) {
64
+
65
+  if (strlen(trim($sshkey)) == 0) {
66 66
     $sshkey = NULL;
67
+  } else {
68
+    $sshkey = filter_ssh_key($sshkey);
67 69
   }
68 70
 
69 71
   $pwhash = NULL;