From 9f8ef34f7573193ea2da0d12024eb009b2edc278 Mon Sep 17 00:00:00 2001
From: Justin Santa Barbara <justin@fathomdb.com>
Date: Mon, 28 Aug 2017 11:22:19 -0400
Subject: [PATCH] Warn if SSH fingerprint is obviously bad

In particular this catches double-encoding
---
 upup/pkg/fi/vfs_castore.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/upup/pkg/fi/vfs_castore.go b/upup/pkg/fi/vfs_castore.go
index 026d7c3ad93e6..c76d897ed1e96 100644
--- a/upup/pkg/fi/vfs_castore.go
+++ b/upup/pkg/fi/vfs_castore.go
@@ -634,20 +634,22 @@ func formatFingerprint(data []byte) string {
 }
 
 func insertFingerprintColons(id string) string {
-	var buf bytes.Buffer
+	remaining := id
 
+	var buf bytes.Buffer
 	for {
-		if id == "" {
+		if remaining == "" {
 			break
 		}
 		if buf.Len() != 0 {
 			buf.WriteString(":")
 		}
-		if len(id) < 2 {
-			buf.WriteString(id)
+		if len(remaining) < 2 {
+			glog.Warningf("unexpected format for SSH public key id: %q", id)
+			buf.WriteString(remaining)
 		} else {
-			buf.WriteString(id[0:2])
-			id = id[2:]
+			buf.WriteString(remaining[0:2])
+			remaining = remaining[2:]
 		}
 	}
 	return buf.String()