check_ssh_key: now check file content before type validity

2014-01-12 05:02:00 +01:00 · 2014-01-12 05:02:00 +01:00 · cb9bf00da4
parent 6dca90348a
commit cb9bf00da4
1 changed files with 9 additions and 1 deletions
--- a/process/ldap/check_ssh_key.pl
+++ b/process/ldap/check_ssh_key.pl
@ -17,8 +17,16 @@ use ACU::Log;
 sub check_key($)
 {
    my $filename = shift;
+
+    # Check file content format
+    open my $fh, "<", $filename;
+    my $fcnt = <$fh>;
+    close $fh;
+    chomp($fcnt);
+
    # Call ssh-keygen
-    if (`ssh-keygen -l -f $filename 2> /dev/null` =~ /^([0-9]+) +[0-9a-f:]+ +.+ +\(([A-Z]+)\)$/)
+    if ($fcnt =~ /^(ssh|ecdsa)-[a-z0-9-]+ [a-zA-Z0-9+=\/]+( .*)?$/ &&
+	`ssh-keygen -l -f $filename 2> /dev/null` =~ /^([0-9]+) +[0-9a-f:]+ +.+ +\(([A-Z]+)\)$/)
    {
 	log INFO, "Receive valid key: type $2, size $1";
 	if ($2 eq "RSA") {