From f73d2460e5ad205a1cd2d74a73c2d1308265d9f9 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina
Date: Wed, 18 May 2022 05:23:48 -0400
Subject: [PATCH] Add \r\n check for SSH keys in Azure (#889)
RH-Author: Miroslav Rezanina
RH-MergeRequest: 64: Properly handle \r\n in SSH keys in Azure
RH-Commit: [1/1] c0868258fd63f6c531acd8da81e0494a8412d5ea (mrezanin/src_rhel_cloud-init)
RH-Bugzilla: 2088028
RH-Acked-by: xiachen
RH-Acked-by: Eduardo Otubo
RH-Acked-by: Emanuele Giuseppe Esposito
See https://bugs.launchpad.net/cloud-init/+bug/1910835
(cherry picked from commit f17f78fa9d28e62793a5f2c7109fc29eeffb0c89)
Signed-off-by: Miroslav Rezanina
---
 cloudinit/sources/DataSourceAzure.py | 3 +++
 tests/unittests/test_datasource/test_azure.py | 12 ++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index a66f023d..247284ad 100755
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -1551,6 +1551,9 @@ def _key_is_openssh_formatted(key):
 """
 Validate whether or not the key is OpenSSH-formatted.
 """
+ # See https://bugs.launchpad.net/cloud-init/+bug/1910835
+ if '\r\n' in key.strip():
+ return False
 parser = ssh_util.AuthKeyLineParser()
 try:
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
index f8433690..742d1faa 100644
--- a/tests/unittests/test_datasource/test_azure.py
+++ b/tests/unittests/test_datasource/test_azure.py
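Review bot: The new guard in `_key_is_openssh_formatted` (cloudinit/sources/DataSourceAzure.py) rejects only the two-character sequence `\r\n`, so a key with a lone `\n` or a lone `\r` in the middle still reaches `ssh_util.AuthKeyLineParser()`; whether the parser rejects that is not visible in this hunk. If the value is later written out as a single authorized_keys line (not shown here), any embedded line break should fail validation, for example `stripped = key.strip()` followed by `if '\r' in stripped or '\n' in stripped: return False`. The tests added in tests/unittests/test_datasource/test_azure.py likewise cover only the CRLF pair and would need a bare-LF and a bare-CR case. The function body continues past the end of the hunk, after `try:`.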
@@ -1764,6 +1764,18 @@ scbus-1 on xpt0 bus 0
 self.assertEqual(ssh_keys, ["ssh-rsa key1"])
 self.assertEqual(m_parse_certificates.call_count, 0)
+ def test_key_without_crlf_valid(self):
+ test_key = 'ssh-rsa somerandomkeystuff some comment'
+ assert True is dsaz._key_is_openssh_formatted(test_key)
+
+ def test_key_with_crlf_invalid(self):
+ test_key = 'ssh-rsa someran\r\ndomkeystuff some comment'
+ assert False is dsaz._key_is_openssh_formatted(test_key)
+
+ def test_key_endswith_crlf_valid(self):
+ test_key = 'ssh-rsa somerandomkeystuff some comment\r\n'
+ assert True is dsaz._key_is_openssh_formatted(test_key)
+
 @mock.patch(
 'cloudinit.sources.helpers.azure.OpenSSLManager.parse_certificates')
 @mock.patch(MOCKPATH + 'get_metadata_from_imds')
--
2.31.1
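Review bot: The three new tests use bare `assert True is …` / `assert False is …`, while the neighbouring tests in the context lines use `self.assertEqual`. `self.assertIs(True, dsaz._key_is_openssh_formatted(test_key))` keeps the identity check, matches the surrounding style and reports both values on failure. A one-line docstring on each test would record the intent, for example `"""A trailing CRLF is stripped before validation, so the key is accepted."""` on `test_key_endswith_crlf_valid`. The enclosing test class starts outside the hunk.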