From cbea1785d068bfb1e402234e08d8d74512a70c5e Mon Sep 17 00:00:00 2001
From: Tommi Virtanen <tv@eagain.net>
Date: Tue, 11 Dec 2007 22:43:05 +0200
Subject: Enforce safe usernames also when reading public key files from
 keydir.

Warning: if your keyfiles contain more than just a-z0-9, at sign, dots
or dashes, you will likely end up cutting off your access to your
gitosis repository with this upgrade.
---
 gitosis/ssh.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'gitosis/ssh.py')

diff --git a/gitosis/ssh.py b/gitosis/ssh.py
index 3eb5c37..9e8d258 100644
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
@@ -1,4 +1,13 @@
 import os, errno, re
+import logging
+
+log = logging.getLogger('gitosis.ssh')
+
+_ACCEPTABLE_USER_RE = re.compile(r'^[a-z][a-z0-9]*(@[a-z][a-z0-9.-]*)?$')
+
+def isSafeUsername(user):
+    match = _ACCEPTABLE_USER_RE.match(user)
+    return (match is not None)
 
 def readKeys(keydir):
     """
@@ -11,6 +20,10 @@ def readKeys(keydir):
         if ext != '.pub':
             continue
 
+        if not isSafeUsername(basename):
+            log.warn('Unsafe SSH username in keyfile: %r', filename)
+            continue
+
         path = os.path.join(keydir, filename)
         f = file(path)
         for line in f:
-- 
cgit v1.2.3