author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-08-14 21:05:40 -0700 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-08-14 21:05:40 -0700 |
commit | 2f89210eb11ccb0a7289f89a545697029b2bb9d7 (patch) | |
tree | 31fb3e221eab22ff262d3e3116d9fcfec5bf09ac /src/common | |
parent | 6d4dbe49e803c76d1c8ac3550aff6c246a251371 (diff) |
Add sorting of the processed key lines so that "good" keys are output
at the end. This is done so that they take precedence over "bad" when
being processed in key files. If bad keys are processed after good
keys, there is a possibility of a malicious bad key causing good keys to
be continually removed from key files, which would be a big nuisance.
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -484,7 +484,10 @@ process_user_id() { fi ;; esac - done + done | sort -t: -k1 -n -r + # NOTE: this last sort is important so that the "good" keys (key + # flag '0') come last. This is so that they take precedence when + # being processed in the key files over "bad" keys (key flag '1') } # process a single host in the known_host file @@ -498,16 +501,15 @@ process_host_known_hosts() { local tmpfile host="$1" + userID="ssh://${host}" log "processing: $host" - userID="ssh://${host}" - nKeys=0 nKeysOK=0 IFS=$'\n' - for line in $(process_user_id "ssh://${host}") ; do + for line in $(process_user_id "${userID}") ; do # note that key was found nKeys=$((nKeys+1)) |
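Review bot: In the added `done | sort -t: -k1 -n -r` line, the key `-k1` runs from the first field to the end of the line, so the ordering the new comment calls important holds only because `-n` stops reading at the first colon. `done | sort -t: -k1,1 -n -r` limits the key to the flag field and says what is meant. Because the commit message relies on this ordering to keep a bad key from displacing a good one in the key files, the comment should also record the assumption it depends on, e.g. `# every line written by the loop must begin with the numeric key flag followed by ':'`. Piping the loop into sort also makes sort's exit status the status of this statement; process_user_id starts outside the hunk, so whether any caller relies on the loop's status cannot be confirmed from here.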
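Review bot: The rewritten `for line in $(process_user_id "${userID}") ; do` still expands the command substitution unquoted, so with `IFS=$'\n'` every output line is also subject to pathname expansion, and those lines derive from key data that the commit message itself treats as possibly malicious. A `while IFS= read -r line; do` loop closed with `done < <(process_user_id "${userID}")` reads each line verbatim, keeps `nKeys` and `nKeysOK` in the current shell, and needs no change to `IFS`. No `local IFS` is visible among the declarations shown, so the assignment may leak to the caller unless it is restored later. The loop body and the end of process_host_known_hosts lie outside the hunk, so the closing `done` would need the matching change.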