From 3e3581286bdf064cabb46b2c30bca73e6a78ea58 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 25 Apr 2014 14:48:29 -0400
Subject: [PATCH] Merged #50 "Prohibit creation and storage of empty ssh keys"

---
 src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java |   28 ++++++++++++++++++++--------
 1 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java b/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java
index 44c3bbe..da58584 100644
--- a/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java
+++ b/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java
@@ -25,7 +25,6 @@
 import org.slf4j.LoggerFactory;
 
 import com.gitblit.Constants.AccessPermission;
-import com.gitblit.models.UserModel;
 import com.gitblit.transport.ssh.IPublicKeyManager;
 import com.gitblit.transport.ssh.SshKey;
 import com.gitblit.transport.ssh.commands.CommandMetaData;
@@ -47,13 +46,13 @@
 public class KeysDispatcher extends DispatchCommand {
 
 	@Override
-	protected void setup(UserModel user) {
-		register(user, AddKey.class);
-		register(user, RemoveKey.class);
-		register(user, ListKeys.class);
-		register(user, WhichKey.class);
-		register(user, CommentKey.class);
-		register(user, PermissionKey.class);
+	protected void setup() {
+		register(AddKey.class);
+		register(RemoveKey.class);
+		register(ListKeys.class);
+		register(WhichKey.class);
+		register(CommentKey.class);
+		register(PermissionKey.class);
 	}
 
 	@CommandMetaData(name = "add", description = "Add an SSH public key to your account")
@@ -80,8 +79,21 @@
 		public void run() throws IOException, Failure {
 			String username = getContext().getClient().getUsername();
 			List<String> keys = readKeys(addKeys);
+			if (keys.isEmpty()) {
+				throw new UnloggedFailure("No public keys were read from STDIN!");
+			}
 			for (String key : keys) {
 				SshKey sshKey = parseKey(key);
+				try {
+					// this method parses the rawdata and produces a public key
+					// if it fails it will throw a Buffer.BufferException
+					// the null check is a QC verification on top of that
+					if (sshKey.getPublicKey() == null) {
+						throw new RuntimeException();
+					}
+				} catch (RuntimeException e) {
+					throw new UnloggedFailure("The data read from SDTIN can not be parsed as an SSH public key!");
+				}
 				if (!StringUtils.isEmpty(permission)) {
 					AccessPermission ap = AccessPermission.fromCode(permission);
 					if (ap.exceeds(AccessPermission.NONE)) {

--
Gitblit v1.9.1