From eab334dde8e3f94fcf1fca0d111b5121e26c1f4f Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Tue, 6 Oct 2015 13:54:33 +0200
Subject: Handle binascii.Error from base64.b64decode()

In Python 3, the base64.b64decode function raises binascii.Error (a ValueError
subclass) when it finds incorrect padding. In Python 2 it raises TypeError.

Callers should usually handle ValueError; unless they are specifically
concerned with handling base64 padding issues).

In some cases, callers should handle ValueError:
- ipalib.pkcs10 (get_friendlyname, load_certificate_request): callers should
  handle ValueError
- ipalib.x509 (load_certificate*, get_*): callers should handle ValueError

In other cases ValueError is handled:
- ipalib.parameters
- ipapython.ssh
- ipalib.rpc (json_decode_binary - callers already expect ValueError)
- ipaserver.install.ldapupdate

Elsewhere no error handling is done, because values come from trusted
sources, or are pre-validated:
- vault plugin
- ipaserver.install.cainstance
- ipaserver.install.certs
- ipaserver.install.ipa_otptoken_import

Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
 ipapython/ssh.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ipapython')

diff --git a/ipapython/ssh.py b/ipapython/ssh.py
index 02f577e8b..a625c422c 100644
--- a/ipapython/ssh.py
+++ b/ipapython/ssh.py
@@ -102,7 +102,7 @@ class SSHPublicKey(object):
 
         try:
             key = base64.b64decode(key)
-        except (TypeError, binascii.Error):
+        except (TypeError, ValueError):
             return False
 
         return self._parse_raw(key)
-- 
cgit