Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-v9mv-h52f-7g63
v2.9 Backport
  • Loading branch information
nilmerg committed Mar 8, 2022
2 parents 9931ed7 + f24e2dd commit a06d915
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions application/forms/Config/Resource/SshResourceForm.php
Expand Up @@ -52,9 +52,13 @@ public function createElements(array $formData)

if ($this->getRequest()->getActionName() != 'editresource') {
$callbackValidator = new Zend_Validate_Callback(function ($value) {
if (openssl_pkey_get_private($value) === false) {
if (
substr(ltrim($value), 0, 7) === 'file://'
|| openssl_pkey_get_private($value) === false
) {
return false;
}

return true;
});
$callbackValidator->setMessage(
Expand Down Expand Up @@ -126,20 +130,19 @@ public static function beforeAdd(ResourceConfigForm $form)
$configDir = Icinga::app()->getConfigDir();
$user = $form->getElement('user')->getValue();

$filePath = $configDir . '/ssh/' . $user;

$filePath = join(DIRECTORY_SEPARATOR, [$configDir, 'ssh', sha1($user)]);
if (! file_exists($filePath)) {
$file = File::create($filePath, 0600);
} else {
$form->error(
sprintf($form->translate('The private key for the user "%s" is already exists.'), $user)
sprintf($form->translate('The private key for the user "%s" already exists.'), $user)
);
return false;
}

$file->fwrite($form->getElement('private_key')->getValue());

$form->getElement('private_key')->setValue($configDir . '/ssh/' . $user);
$form->getElement('private_key')->setValue($filePath);

return true;
}
Expand Down

0 comments on commit a06d915

Please sign in to comment.