From 704d2b68e667d536b5d6c7707702b4a5ac268750 Mon Sep 17 00:00:00 2001 From: Sheng Date: Sun, 9 Sep 2018 15:33:59 +0800 Subject: [PATCH] Check private key size for the final value --- webssh/handler.py | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/webssh/handler.py b/webssh/handler.py index 1ef4fa0..63bc225 100644 --- a/webssh/handler.py +++ b/webssh/handler.py @@ -90,16 +90,18 @@ class IndexHandler(MixinHandler, tornado.web.RequestHandler): def get_privatekey(self): name = 'privatekey' lst = self.request.files.get(name) # multipart form - if not lst: - return self.get_argument(name, u'') # urlencoded form - else: + if lst: self.filename = lst[0]['filename'] data = lst[0]['body'] - if len(data) > KEY_MAX_SIZE: - raise InvalidValueError( - 'Invalid private key: {}'.format(self.filename) - ) - return self.decode_argument(data, name=name) + value = self.decode_argument(data, name=name).strip() + else: + value = self.get_argument(name, u'') # urlencoded form + + if len(value) > KEY_MAX_SIZE: + raise InvalidValueError( + 'Invalid private key: {}'.format(self.filename) + ) + return value @classmethod def get_specific_pkey(cls, pkeycls, privatekey, password):