From dce22efbee6a04b8c19348dac831cd88b18ac07c Mon Sep 17 00:00:00 2001
From: mrsdizzie <info@mrsdizzie.com>
Date: Sun, 3 Nov 2019 06:08:18 -0500
Subject: Fix SSH2 conditonal in key parsing code (#8806)

Avoid out of bounds error by using strings.HasPrefix to check for
starting SSH2 text rather than assuming user input has at least 31
characters.

Add tests for bad input as well.

Fixes #8800
---
 models/ssh_key_test.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'models/ssh_key_test.go')

diff --git a/models/ssh_key_test.go b/models/ssh_key_test.go
index 4bb612a671..95cd4eeb1a 100644
--- a/models/ssh_key_test.go
+++ b/models/ssh_key_test.go
@@ -131,6 +131,19 @@ AAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf
 		_, err := CheckPublicKeyString(test.content)
 		assert.NoError(t, err)
 	}
+
+	for _, invalidKeys := range []struct {
+		content string
+	}{
+		{"test"},
+		{"---- NOT A REAL KEY ----"},
+		{"bad\nkey"},
+		{"\t\t:)\t\r\n"},
+		{"\r\ntest \r\ngitea\r\n\r\n"},
+	} {
+		_, err := CheckPublicKeyString(invalidKeys.content)
+		assert.Error(t, err)
+	}
 }
 
 func Test_calcFingerprint(t *testing.T) {
-- 
cgit v1.2.3