Improve SSH key parser to handle newlines in keys (#7522)

* Strip newlines from SSH keys before adding them Fixes: https://github.com/go-gitea/gitea/issues/7500 * add test for CheckPublicKeyString * add one more test * simplify test * further simplify * make fmt
2025-05-17 23:00:02 +02:00 · 2019-07-23 15:25:06 +02:00 · 2019-07-23 15:25:06 +02:00 · b10109ffe8
commit b10109ffe8
parent bcbc9f33d7
2 changed files with 28 additions and 6 deletions
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@ -96,17 +96,18 @@ func extractTypeFromBase64Key(key string) (string, error) {

 // parseKeyString parses any key string in OpenSSH or SSH2 format to clean OpenSSH string (RFC4253).
 func parseKeyString(content string) (string, error) {
-	// Transform all legal line endings to a single "\n".
-	content = strings.NewReplacer("\r\n", "\n", "\r", "\n").Replace(content)
-	// remove trailing newline (and beginning spaces too)
+	// remove whitespace at start and end
 	content = strings.TrimSpace(content)
-	lines := strings.Split(content, "\n")

 	var keyType, keyContent, keyComment string

-	if len(lines) == 1 {
+	if !strings.Contains(content, "-----BEGIN") {
 		// Parse OpenSSH format.
-		parts := strings.SplitN(lines[0], " ", 3)
+
+		// Remove all newlines
+		content = strings.NewReplacer("\r\n", "", "\n", "").Replace(content)
+
+		parts := strings.SplitN(content, " ", 3)
 		switch len(parts) {
 		case 0:
 			return "", errors.New("empty key")
@ -133,6 +134,11 @@ func parseKeyString(content string) (string, error) {
 		}
 	} else {
 		// Parse SSH2 file format.
+
+		// Transform all legal line endings to a single "\n".
+		content = strings.NewReplacer("\r\n", "\n", "\r", "\n").Replace(content)
+
+		lines := strings.Split(content, "\n")
 		continuationLine := false

 		for _, line := range lines {