Commit 496186f5 by Brian Coca

makes ssh plugin resilient against invalid entries in hosts file

fixes #10238
parent e3490043
...@@ -243,21 +243,23 @@ class Connection(ConnectionBase): ...@@ -243,21 +243,23 @@ class Connection(ConnectionBase):
tokens = line.split() tokens = line.split()
if not tokens: if not tokens:
continue continue
if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
# this is a hashed known host entry if isinstance(tokens, list) and tokens: # skip invalid hostlines
try: if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
(kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2) # this is a hashed known host entry
hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1) try:
hash.update(host) (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
if hash.digest() == kn_host.decode('base64'): hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
hash.update(host)
if hash.digest() == kn_host.decode('base64'):
return False
except:
# invalid hashed host key, skip it
continue
else:
# standard host file entry
if host in tokens[0]:
return False return False
except:
# invalid hashed host key, skip it
continue
else:
# standard host file entry
if host in tokens[0]:
return False
if (hfiles_not_found == len(host_file_list)): if (hfiles_not_found == len(host_file_list)):
self._display.vvv("EXEC previous known host file not found for {0}".format(host)) self._display.vvv("EXEC previous known host file not found for {0}".format(host))
......
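Review bot: The added `if isinstance(tokens, list) and tokens:` guard can never be false where it stands, because `line.split()` always returns a list and the `if not tokens: continue` just above it already skips empty lines; malformed entries are therefore still handled only by the bare `except:` in the hashed branch. That bare `except:` also swallows KeyboardInterrupt and SystemExit, and `except Exception:` would keep the skip-on-bad-entry behaviour without doing so. Separately, the plain-entry branch tests `if host in tokens[0]:`, which is a substring match, so a host name can match a longer, different entry. Comparing against the comma-separated names with `if host in tokens[0].split(','):` would be stricter, though it would still not cover wildcard or `[host]:port` forms. The enclosing method starts and ends outside the hunk, so how callers use the returned value is not visible here.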