From 1a79d9ae58bb375715d207046ef2ce209e9243d8 Mon Sep 17 00:00:00 2001
From: Maykel Moya <mmoya@speedyrails.com>
Date: Wed, 16 Oct 2013 20:42:42 +0200
Subject: [PATCH] apt_key: Validate key_id and accept a leading '0x'

---
 library/packaging/apt_key | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/library/packaging/apt_key b/library/packaging/apt_key
index 8c8dc2bce60..c9a85313b2d 100644
--- a/library/packaging/apt_key
+++ b/library/packaging/apt_key
@@ -76,10 +76,10 @@ EXAMPLES = '''
 # Remove an Apt signing key, uses whichever key is at the URL
 - apt_key: url=https://ftp-master.debian.org/keys/archive-key-6.0.asc state=absent
 
-# Remove a Apt specific signing key
-- apt_key: id=473041FA state=absent
+# Remove a Apt specific signing key, leading 0x is valid
+- apt_key: id=0x473041FA state=absent
 
-# Add a key from a file on the Ansible server    
+# Add a key from a file on the Ansible server
 - apt_key: data="{{ lookup('file', 'apt.gpg') }}" state=present
 
 # Add an Apt signing key to a specific keyring file
@@ -187,7 +187,13 @@ def main():
     keyring         = module.params['keyring']
     state           = module.params['state']
     changed         = False
-    
+
+    try:
+        _ = int(key_id, 16)
+        key_id = key_id.lstrip('0x')
+    except ValueError:
+        module.fail_json("Invalid key_id")
+
     # FIXME: I think we have a common facility for this, if not, want
     check_missing_binaries(module)