Fix SSH2 conditonal in key parsing code (#8806)

Avoid out of bounds error by using strings.HasPrefix to check for starting SSH2 text rather than assuming user input has at least 31 characters. Add tests for bad input as well. Fixes #8800
author: mrsdizzie <info@mrsdizzie.com> 2019-11-03 06:08:18 -0500
committer: Lunny Xiao <xiaolunwen@gmail.com> 2019-11-03 19:08:18 +0800
commit: dce22efbee6a04b8c19348dac831cd88b18ac07c (patch)
tree: 9e40551545635048d891528686d3361e43bf55eb /models/ssh_key_test.go
parent: 022d2d8beb6297016ed26b0090c6a4a4ac404437 (diff)
download: gitea-dce22efbee6a04b8c19348dac831cd88b18ac07c.tar.gz
gitea-dce22efbee6a04b8c19348dac831cd88b18ac07c.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/models/ssh_key_test.go b/models/ssh_key_test.go
index 4bb612a671..95cd4eeb1a 100644
--- a/models/ssh_key_test.go
+++ b/models/ssh_key_test.go
@@ -131,6 +131,19 @@ AAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf
 		_, err := CheckPublicKeyString(test.content)
 		assert.NoError(t, err)
 	}
+
+	for _, invalidKeys := range []struct {
+		content string
+	}{
+		{"test"},
+		{"---- NOT A REAL KEY ----"},
+		{"bad\nkey"},
+		{"\t\t:)\t\r\n"},
+		{"\r\ntest \r\ngitea\r\n\r\n"},
+	} {
+		_, err := CheckPublicKeyString(invalidKeys.content)
+		assert.Error(t, err)
+	}
 }
 
 func Test_calcFingerprint(t *testing.T) {
author	mrsdizzie <info@mrsdizzie.com>	2019-11-03 06:08:18 -0500
committer	Lunny Xiao <xiaolunwen@gmail.com>	2019-11-03 19:08:18 +0800
commit	dce22efbee6a04b8c19348dac831cd88b18ac07c (patch)
tree	9e40551545635048d891528686d3361e43bf55eb /models/ssh_key_test.go
parent	022d2d8beb6297016ed26b0090c6a4a4ac404437 (diff)
download	gitea-dce22efbee6a04b8c19348dac831cd88b18ac07c.tar.gz gitea-dce22efbee6a04b8c19348dac831cd88b18ac07c.zip