From 3e3581286bdf064cabb46b2c30bca73e6a78ea58 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 25 Apr 2014 14:48:29 -0400
Subject: [PATCH] Merged #50 "Prohibit creation and storage of empty ssh keys"

---
 src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java |   13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java b/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java
index 53033d3..da58584 100644
--- a/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java
+++ b/src/main/java/com/gitblit/transport/ssh/keys/KeysDispatcher.java
@@ -79,8 +79,21 @@
 		public void run() throws IOException, Failure {
 			String username = getContext().getClient().getUsername();
 			List<String> keys = readKeys(addKeys);
+			if (keys.isEmpty()) {
+				throw new UnloggedFailure("No public keys were read from STDIN!");
+			}
 			for (String key : keys) {
 				SshKey sshKey = parseKey(key);
+				try {
+					// this method parses the rawdata and produces a public key
+					// if it fails it will throw a Buffer.BufferException
+					// the null check is a QC verification on top of that
+					if (sshKey.getPublicKey() == null) {
+						throw new RuntimeException();
+					}
+				} catch (RuntimeException e) {
+					throw new UnloggedFailure("The data read from SDTIN can not be parsed as an SSH public key!");
+				}
 				if (!StringUtils.isEmpty(permission)) {
 					AccessPermission ap = AccessPermission.fromCode(permission);
 					if (ap.exceeds(AccessPermission.NONE)) {

--
Gitblit v1.9.1