Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Retry SSH key verification with additional CRLF if it failed #28392

Merged
merged 11 commits into from
Dec 14, 2023
Merged

Retry SSH key verification with additional CRLF if it failed #28392

Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
b4e31fe
fix(asymkey): verify token + CRLF input
Dec 7, 2023
d2b4900
asymkey: postpone verification for windows CRLF token
nekrondev Dec 8, 2023
58427fc
Merge branch 'main' into fix/sshkey-validation
nekrondev Dec 8, 2023
3c388dd
asymkey: reduce clutter for CRLF token check
Dec 8, 2023
9a7edc0
Merge branch 'fix/sshkey-validation' of https://github.com/nekrondev/…
Dec 8, 2023
df911a6
Merge branch 'go-gitea:main' into fix/sshkey-validation
nekrondev Dec 12, 2023
6457cd2
chore(asymkey): add reference to Powershell issue
Dec 12, 2023
b975881
Merge branch 'go-gitea:main' into fix/sshkey-validation
nekrondev Dec 13, 2023
8fe68a8
fix(asymkey): changed coding to be more explicit
Dec 13, 2023
3e40937
Update models/asymkey/ssh_key_verify.go
wxiaoguang Dec 13, 2023
5fb3be7
Merge branch 'main' into fix/sshkey-validation
GiteaBot Dec 14, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion models/asymkey/ssh_key_verify.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,9 @@ func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signat
return "", ErrKeyNotExist{}
}

if err := sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea"); err != nil {
// edge case for Windows based shells that will add CR LF if piped to ssh-keygen command
wxiaoguang marked this conversation as resolved.
Show resolved Hide resolved
errcrlf := sshsig.Verify(bytes.NewBuffer([]byte(token+"\r\n")), []byte(signature), []byte(key.Content), "gitea")
if err := sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea"); err != nil && errcrlf != nil {
wxiaoguang marked this conversation as resolved.
Show resolved Hide resolved
log.Error("Unable to validate token signature. Error: %v", err)
return "", ErrSSHInvalidTokenSignature{
Fingerprint: key.Fingerprint,
Expand Down