author | James Moger <james.moger@gitblit.com> | 2014-04-25 14:44:25 -0400 |
---|---|---|
committer | James Moger <james.moger@gitblit.com> | 2014-04-25 14:44:25 -0400 |
commit | 039686c54a947f166ba80d79187ba945cac77ad5 (patch) | |
tree | e5daecd9645049b100873fce52de16eb4d149e2c /src/main/java/com/gitblit/transport | |
parent | e160594f7f0417de9ec04105feab261ed3bd9dc3 (diff) | |
download | gitblit-039686c54a947f166ba80d79187ba945cac77ad5.tar.gz gitblit-039686c54a947f166ba80d79187ba945cac77ad5.zip |
Prevent adding empty or invalid SSH public keys
Diffstat (limited to 'src/main/java/com/gitblit/transport')
3 files changed, 23 insertions, 7 deletions
diff --git a/src/main/java/com/gitblit/transport/ssh/SshKey.java b/src/main/java/com/gitblit/transport/ssh/SshKey.java
index c2fc91c1..ab44854a 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshKey.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshKey.java
@@ -72,7 +72,7 @@ public class SshKey implements Serializable {
 try {
 publicKey = new Buffer(bin).getRawPublicKey();
 } catch (SshException e) {
- e.printStackTrace();
+ throw new RuntimeException(e);
 }
 }
 return publicKey;
diff --git a/src/main/java/com/gitblit/transport/ssh/keys/BaseKeyCommand.java b/src/main/java/com/gitblit/transport/ssh/keys/BaseKeyCommand.java
index 588770f4..4b1d6b8f 100644
--- a/src/main/java/com/gitblit/transport/ssh/keys/BaseKeyCommand.java
+++ b/src/main/java/com/gitblit/transport/ssh/keys/BaseKeyCommand.java
@@ -37,17 +37,20 @@ abstract class BaseKeyCommand extends SshCommand {
 throws UnsupportedEncodingException, IOException {
 int idx = -1;
 if (sshKeys.isEmpty() || (idx = sshKeys.indexOf("-")) >= 0) {
- String sshKey = "";
+ String content = "";
 BufferedReader br = new BufferedReader(new InputStreamReader(
 in, Charsets.UTF_8));
 String line;
 while ((line = br.readLine()) != null) {
- sshKey += line + "\n";
+ content += line + "\n";
 }
- if (idx == -1) {
- sshKeys.add(sshKey.trim());
- } else {
- sshKeys.set(idx, sshKey.trim());
+ final String sshKey = content.trim();
+ if (!sshKey.isEmpty()) {
+ if (idx == -1) {
+ sshKeys.add(sshKey);
+ } else {
+ sshKeys.set(idx, sshKey);
+ }
 }
 }
 return sshKeys;
diff --git a/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java b/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java
index 53033d3d..da58584c 100644
--- a/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java
+++ b/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java
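Review bot: The rethrow in `getPublicKey()` wraps the `SshException` in a bare `RuntimeException`, so callers cannot tell malformed key data from any other runtime failure, and nothing documents that this getter can now throw. A narrower type with a message, such as `throw new IllegalArgumentException("Invalid SSH public key data", e);`, would still be caught by the `catch (RuntimeException e)` added in KeysDispatcher. Other callers that iterate over stored keys and call this getter are not visible in this diff and should be checked, since a single malformed stored entry would presumably now abort the caller instead of being skipped. The method begins and ends outside the hunk.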
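Review bot: When the argument list contains `-` and STDIN yields only whitespace, the new `if (!sshKey.isEmpty())` guard in BaseKeyCommand skips `sshKeys.set(idx, sshKey)` and leaves the literal `-` placeholder in the list. The method then returns it as if it were key data, and the `keys.isEmpty()` check added in KeysDispatcher does not fire. Removing the placeholder in that case, `} else if (idx >= 0) { sshKeys.remove(idx); }`, keeps the result consistent. Separately, the loop appends STDIN to `content` with no size limit; since key material is small, a cap on the accepted input would bound memory use for this command. The method's signature begins above the hunk.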
@@ -79,8 +79,21 @@ public class KeysDispatcher extends DispatchCommand {
 public void run() throws IOException, Failure {
 String username = getContext().getClient().getUsername();
 List<String> keys = readKeys(addKeys);
+ if (keys.isEmpty()) {
+ throw new UnloggedFailure("No public keys were read from STDIN!");
+ }
 for (String key : keys) {
 SshKey sshKey = parseKey(key);
+ try {
+ // this method parses the rawdata and produces a public key
+ // if it fails it will throw a Buffer.BufferException
+ // the null check is a QC verification on top of that
+ if (sshKey.getPublicKey() == null) {
+ throw new RuntimeException();
+ }
+ } catch (RuntimeException e) {
+ throw new UnloggedFailure("The data read from SDTIN can not be parsed as an SSH public key!");
+ }
 if (!StringUtils.isEmpty(permission)) {
 AccessPermission ap = AccessPermission.fromCode(permission);
 if (ap.exceeds(AccessPermission.NONE)) { |
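Review bot: The validation block in `run()` throws a bare `RuntimeException` only to catch it a few lines later, and the catch discards the cause, so the failure reported to the user carries no detail about which key was rejected or why. The message also misspells STDIN as `SDTIN`; the corrected line would be `throw new UnloggedFailure("The data read from STDIN can not be parsed as an SSH public key!");`. The check sits inside the same `for` loop that goes on to process each key, and the rest of that loop is outside the hunk. An invalid key later in the input would therefore presumably be rejected only after earlier keys had already been handled. Validating every key in a first pass, before any is added, would make the command all-or-nothing.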