From 496186f5debf20ec3023c6fa99c8bb0a2b21a4fe Mon Sep 17 00:00:00 2001
From: Brian Coca
Date: Thu, 30 Jul 2015 23:33:09 -0400
Subject: [PATCH] makes ssh plugin resilient against invalid entries in hosts file fixes #10238
---
 lib/ansible/plugins/connections/ssh.py | 30 ++++++++++++++------------
 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/lib/ansible/plugins/connections/ssh.py b/lib/ansible/plugins/connections/ssh.py
index 1a520128fc..66ba14d5bb 100644
--- a/lib/ansible/plugins/connections/ssh.py
+++ b/lib/ansible/plugins/connections/ssh.py
@@ -243,21 +243,23 @@ class Connection(ConnectionBase):
 tokens = line.split()
 if not tokens:
 continue
- if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
- # this is a hashed known host entry
- try:
- (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
- hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
- hash.update(host)
- if hash.digest() == kn_host.decode('base64'):
+
+ if isinstance(tokens, list) and tokens: # skip invalid hostlines
+ if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
+ # this is a hashed known host entry
+ try:
+ (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
+ hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
+ hash.update(host)
+ if hash.digest() == kn_host.decode('base64'):
+ return False
+ except:
+ # invalid hashed host key, skip it
+ continue
+ else:
+ # standard host file entry
+ if host in tokens[0]:
 return False
- except:
- # invalid hashed host key, skip it
- continue
- else:
- # standard host file entry
- if host in tokens[0]:
- return False
 if (hfiles_not_found == len(host_file_list)):
 self._display.vvv("EXEC previous known host file not found for {0}".format(host))
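Review bot: The added guard `if isinstance(tokens, list) and tokens:` can never be false here, because `tokens` comes from `line.split()` and the `if not tokens: continue` just above already skips empty lines, so it adds a nesting level without rejecting any malformed entry. The bare `except:` in the hashed-entry branch also swallows KeyboardInterrupt and unrelated bugs; `except Exception:` (or the specific unpack/decode errors) would be narrower. In the plain-entry branch `if host in tokens[0]:` is a substring test, so a host can be reported as already known when only a longer name containing it is listed; `if host in tokens[0].split(','):` would compare whole entries of the comma-separated host field. The enclosing method starts and ends outside the hunk, so how callers act on the result is not visible here.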