From da81736a35d3c3f3c9f7ea3eb3ce8b5500c18450 Mon Sep 17 00:00:00 2001 From: silverwind Date: Thu, 18 Jul 2019 21:08:18 +0200 Subject: [PATCH 1/6] Strip newlines from SSH keys before adding them Fixes: https://github.com/go-gitea/gitea/issues/7500 --- models/ssh_key.go | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/models/ssh_key.go b/models/ssh_key.go index ceb4d9756075e..cbd68a307effa 100644 --- a/models/ssh_key.go +++ b/models/ssh_key.go @@ -96,17 +96,18 @@ func extractTypeFromBase64Key(key string) (string, error) { // parseKeyString parses any key string in OpenSSH or SSH2 format to clean OpenSSH string (RFC4253). func parseKeyString(content string) (string, error) { - // Transform all legal line endings to a single "\n". - content = strings.NewReplacer("\r\n", "\n", "\r", "\n").Replace(content) - // remove trailing newline (and beginning spaces too) + // remove whitespace at start and end content = strings.TrimSpace(content) - lines := strings.Split(content, "\n") var keyType, keyContent, keyComment string - if len(lines) == 1 { + if !strings.Contains(content, "-----BEGIN") { // Parse OpenSSH format. - parts := strings.SplitN(lines[0], " ", 3) + + // Remove all newlines + content = strings.NewReplacer("\r\n", "", "\n", "").Replace(content) + + parts := strings.SplitN(content, " ", 3) switch len(parts) { case 0: return "", errors.New("empty key") @@ -133,6 +134,11 @@ func parseKeyString(content string) (string, error) { } } else { // Parse SSH2 file format. + + // Transform all legal line endings to a single "\n". + content = strings.NewReplacer("\r\n", "\n", "\r", "\n").Replace(content) + + lines := strings.Split(content, "\n") continuationLine := false for _, line := range lines { From 2bd697fd4f87ce51e9688589bfaf7222560fef41 Mon Sep 17 00:00:00 2001 
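Review bot: The new branch condition `!strings.Contains(content, "-----BEGIN")` in the first hunk selects the parser by a PEM-style marker, yet the `else` branch is still commented "Parse SSH2 file format", and RFC 4716 files begin with `---- BEGIN SSH2 PUBLIC KEY ----` (four dashes and a space), which that substring does not match. Such input would now fall into the OpenSSH branch and have its newlines stripped into one string, whereas the removed `len(lines) == 1` test sent every multi-line input to the SSH2 parser; also matching the RFC marker, e.g. `if !strings.Contains(content, "-----BEGIN") && !strings.HasPrefix(content, "---- BEGIN") {`, would keep that path reachable. The OpenSSH replacer also drops the lone `"\r"` case that the removed code normalised, so a bare carriage return now stays in the key string; `strings.NewReplacer("\r\n", "", "\r", "", "\n", "")` covers it. Since this string is user-supplied and presumably ends up in an authorized_keys entry, a test with an RFC 4716 key and one with a second key pasted on a following line would pin the intended behaviour. parseKeyString continues outside both hunks.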
From: silverwind Date: Mon, 22 Jul 2019 19:54:46 +0200 Subject: [PATCH 2/6] add test for CheckPublicKeyString --- models/ssh_key_test.go | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/models/ssh_key_test.go b/models/ssh_key_test.go index 5d095f6378e86..09c3fc6af3002 100644 --- a/models/ssh_key_test.go +++ b/models/ssh_key_test.go @@ -56,6 +56,26 @@ func Test_SSHParsePublicKey(t *testing.T) { } } +func Test_CheckPublicKeyString(t *testing.T) { + testCases := []struct { + name string + content string + }{ + {"dss", "ssh-dss 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 nocomment"}, + {"rsa", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n"}, + {"rsa newlines", "ssh-rsa AAAAB3NzaC1yc2EA\r\nAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+\r\nBZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNx\r\nfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\r\n\r\n"}, + {"rsa newlines #2", "ssh-rsa AAAAB3NzaC1yc2EA\r\nAAADAQABAAAAgQDAu7tvI\nvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+\r\nBZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvW\nqIwC4prx/WVk2wLTJjzBAhyNx\r\nfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\r\n\r\n"}, + {"es25519", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf"}, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + _, err := CheckPublicKeyString(tc.content) + assert.NoError(t, err) + }) + } +} + func Test_calcFingerprint(t *testing.T) { testCases := []struct { name string From 67cc48d0eb956fc272a552f63cef369f09f8bc52 Mon Sep 17 00:00:00 2001 From: silverwind Date: Mon, 22 Jul 2019 19:57:01 +0200 Subject: [PATCH 3/6] add one more test --- models/ssh_key_test.go | 1 + 1 file changed, 1 insertion(+) 
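Review bot: Test_CheckPublicKeyString discards the value returned by `CheckPublicKeyString` and asserts only `assert.NoError(t, err)`, so it would still pass if a newline-wrapped input were normalised to a different key than its unwrapped form. The "rsa", "rsa newlines" and "rsa newlines #2" cases appear to carry the same key material, so the loop could compare results instead: `key, err := CheckPublicKeyString(tc.content)` followed by `assert.Equal(t, tc.expected, key)` with the single-line form as the expected value. There is also no input that must be rejected, such as a truncated key or two keys separated by a newline, which is where a parser that deletes newlines from user input is most likely to accept something it should not. The same gap remains in the later versions of this test in PATCH 4/6 and 5/6.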
diff --git a/models/ssh_key_test.go b/models/ssh_key_test.go index 09c3fc6af3002..4e11cfc940c59 100644 --- a/models/ssh_key_test.go +++ b/models/ssh_key_test.go @@ -66,6 +66,7 @@ func Test_CheckPublicKeyString(t *testing.T) { {"rsa newlines", "ssh-rsa AAAAB3NzaC1yc2EA\r\nAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+\r\nBZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNx\r\nfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\r\n\r\n"}, {"rsa newlines #2", "ssh-rsa AAAAB3NzaC1yc2EA\r\nAAADAQABAAAAgQDAu7tvI\nvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+\r\nBZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvW\nqIwC4prx/WVk2wLTJjzBAhyNx\r\nfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\r\n\r\n"}, {"es25519", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf"}, + {"es25519 #2", "\r\nssh-ed25519 \r\nAAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf\r\n\r\n"}, } for _, tc := range testCases { From ac3ee23258be239ed38423ba5ec1a03be27039e1 Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 23 Jul 2019 06:49:23 +0200 Subject: [PATCH 4/6] simplify test --- models/ssh_key_test.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/models/ssh_key_test.go b/models/ssh_key_test.go index 4e11cfc940c59..5d9b0a8cd535e 100644 --- a/models/ssh_key_test.go +++ b/models/ssh_key_test.go @@ -70,10 +70,8 @@ func Test_CheckPublicKeyString(t *testing.T) { } for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - _, err := CheckPublicKeyString(tc.content) - assert.NoError(t, err) - }) + _, err := CheckPublicKeyString(tc.content) + assert.NoError(t, err) } } From 05bd0e71d807903ebf2c1e9a315c846281bcfc3c Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 23 Jul 2019 06:53:23 +0200 Subject: [PATCH 5/6] further simplify --- models/ssh_key_test.go | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) 
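Review bot: Replacing the `t.Run(tc.name, …)` subtests with a bare loop in PATCH 4/6 means a failing `assert.NoError(t, err)` no longer says which key string failed, and PATCH 5/6 then removes the `name` field altogether. Keeping the case identifiable costs one argument: `assert.NoError(t, err, tc.name)` here, or `assert.NoError(t, err, "content: %q", test.content)` once the field is gone. Because the inputs differ only in embedded `\r\n` sequences, the `%q` form is what makes the failing case readable in the test log.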
diff --git a/models/ssh_key_test.go b/models/ssh_key_test.go
index 5d9b0a8cd535e..a90dd6158e3e4 100644
--- a/models/ssh_key_test.go
+++ b/models/ssh_key_test.go
@@ -57,20 +57,17 @@ func Test_SSHParsePublicKey(t *testing.T) { } func Test_CheckPublicKeyString(t *testing.T) { - testCases := []struct { - name string + for _, test := range []struct { content string }{ - {"dss", "ssh-dss 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 nocomment"}, - {"rsa", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n"}, - {"rsa newlines", "ssh-rsa AAAAB3NzaC1yc2EA\r\nAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+\r\nBZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNx\r\nfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\r\n\r\n"}, - {"rsa newlines #2", "ssh-rsa AAAAB3NzaC1yc2EA\r\nAAADAQABAAAAgQDAu7tvI\nvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+\r\nBZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvW\nqIwC4prx/WVk2wLTJjzBAhyNx\r\nfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\r\n\r\n"}, - {"es25519", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf"}, - {"es25519 #2", "\r\nssh-ed25519 \r\nAAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf\r\n\r\n"}, - } - - for _, tc := range testCases { - _, err := CheckPublicKeyString(tc.content) + {"ssh-dss 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 nocomment"}, + {"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n"}, + {"ssh-rsa AAAAB3NzaC1yc2EA\r\nAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+\r\nBZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNx\r\nfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\r\n\r\n"}, + {"ssh-rsa 
AAAAB3NzaC1yc2EA\r\nAAADAQABAAAAgQDAu7tvI\nvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+\r\nBZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvW\nqIwC4prx/WVk2wLTJjzBAhyNx\r\nfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\r\n\r\n"}, + {"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf"}, + {"\r\nssh-ed25519 \r\nAAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf\r\n\r\n"}, + }{ + _, err := CheckPublicKeyString(test.content) assert.NoError(t, err) } } From 46b2310d47f782c2e92abad7990b6774fd8f44fc Mon Sep 17 00:00:00 2001 From: silverwind Date: Tue, 23 Jul 2019 06:55:20 +0200 Subject: [PATCH 6/6] make fmt --- models/ssh_key_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/ssh_key_test.go b/models/ssh_key_test.go index a90dd6158e3e4..568211a7779ee 100644 --- a/models/ssh_key_test.go +++ b/models/ssh_key_test.go @@ -66,7 +66,7 @@ func Test_CheckPublicKeyString(t *testing.T) { {"ssh-rsa AAAAB3NzaC1yc2EA\r\nAAADAQABAAAAgQDAu7tvI\nvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+\r\nBZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvW\nqIwC4prx/WVk2wLTJjzBAhyNx\r\nfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\r\n\r\n"}, {"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf"}, {"\r\nssh-ed25519 \r\nAAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf\r\n\r\n"}, - }{ + } { _, err := CheckPublicKeyString(test.content) assert.NoError(t, err) }