[Bug 631771] New: Verify base64 data has '=' end-markers

From: "sysadmin" (bugzilla.gnome.org) <bugzilla gnome org>
To: gnome-infrastructure gnome org
Subject: [Bug 631771] New: Verify base64 data has '=' end-markers
Date: Sat, 9 Oct 2010 18:31:11 +0000 (UTC)

https://bugzilla.gnome.org/show_bug.cgi?id=631771
  sysadmin | mango | unspecified

           Summary: Verify base64 data has '=' end-markers
    Classification: Infrastructure
           Product: sysadmin
           Version: unspecified
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: mango
        AssignedTo: sysadmin-maint gnome bugs
        ReportedBy: bugzilla-gnome vitters nl
         QAContact: sysadmin-maint gnome bugs
      GNOME target: ---
     GNOME version: ---


Mango currently verifies SSH keys by base64 decoding the data and checking if
that succeeds.

Seems that PHP allows the '=' end-markers to be left out. This resulted in the
key for jralls to be seen as valid and even with the right fingerprint, while
SSH would refuse to decode the base64 data.

Solution would be to be strict with the allowed base64 data. Not sure if PHP
allows this. Perhaps only to be implemented for the Django version.

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.

Follow-Ups:
- [Bug 631771] Verify base64 data has '=' end-markers
  - From: sysadmin
- [Bug 631771] Verify base64 data has '=' end-markers
  - From: sysadmin
- [Bug 631771] Verify base64 data has '=' end-markers
  - From: sysadmin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]