review all user input, system(), and ``

2012-03-21 09:34:39 +05:30 · 2012-03-21 09:34:39 +05:30 · 5e2e13aac2
commit 5e2e13aac2
parent 98a6b08ff4
3 changed files with 10 additions and 4 deletions
--- a/src/commands/post-compile/ssh-authkeys
+++ b/src/commands/post-compile/ssh-authkeys
@ -87,6 +87,7 @@ sub fp {
    my $in = shift || '';
    if ( $in =~ /\.pub$/ ) {
        # single pubkey file
+        _die "bad pubkey file '$in'" unless $in =~ $REPONAME_PATT;
        return fp_file($in);
    } elsif ( -f $in ) {
        # an authkeys file
@ -99,7 +100,7 @@ sub fp {

 sub fp_file {
    my $f  = shift;
-    my $fp = `ssh-keygen -l -f $f`;
+    my $fp = `ssh-keygen -l -f '$f'`;
    chomp($fp);
    _die "fingerprinting failed for $f" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/;
    $fp = $1;