From 8c2e1e2baa6e58d49ffd766120fdb6d42dd2ac2f Mon Sep 17 00:00:00 2001
From: James Tanner <tanner.jc@gmail.com>
Date: Wed, 19 Mar 2014 15:56:14 -0400
Subject: [PATCH] Addresses #6579 Disallow vault passwords with newline
 characters by stripping them in utils

---
 bin/ansible-vault             | 1 +
 lib/ansible/utils/__init__.py | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/bin/ansible-vault b/bin/ansible-vault
index 9be2a172fb..0784c9cec8 100755
--- a/bin/ansible-vault
+++ b/bin/ansible-vault
@@ -105,6 +105,7 @@ def _read_password(filename):
     f = open(filename, "rb")
     data = f.read()
     f.close
+    data = data.strip()
     return data
 
 def execute_create(args, options, parser):
diff --git a/lib/ansible/utils/__init__.py b/lib/ansible/utils/__init__.py
index ddcf259839..e53697cc4c 100644
--- a/lib/ansible/utils/__init__.py
+++ b/lib/ansible/utils/__init__.py
@@ -810,6 +810,10 @@ def ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=False, confirm_
         if new_vault_pass != new_vault_pass2:
             raise errors.AnsibleError("Passwords do not match")
 
+    # enforce no newline chars at the end of passwords
+    vault_pass = vault_pass.strip()
+    new_vault_pass = new_vault_pass.strip()
+
     return vault_pass, new_vault_pass
 
 def ask_passwords(ask_pass=False, ask_sudo_pass=False, ask_su_pass=False, ask_vault_pass=False):