go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

[Error-Handling] 500 when trying to add an invalid SSH key #8800

Closed 6543 closed 4 years ago

6543 commented 4 years ago

Affected:

What I would expect: -> Gitea tells the user that it needs a valid SSH key

version: current

guillep2k commented 4 years ago

Could you describe steps to reproduce? Note for our future "current", current is currently 1.11.0+dev-153-gfe7a6d9bf

6543 commented 4 years ago

  1. Got a test repo (I used https://gitea.com/test-organisation/TestRepo)
  2. Open repo settings
  3. Go to "Deploy Keys"
  4. Click button "Add Deploy Key"
  5. Type in "Title: test; Content: test" (whether you enable write access is not relevant)
  6. Click "Add Deploy Key" at the bottom of the form, and here you are

6543 commented 4 years ago

runtime error: slice bounds out of range [:31] with length 2
/usr/lib/go/src/runtime/panic.go:85 (0x42f952)
    goPanicSliceAlen: panic(boundsError{x: int64(x), signed: true, y: y, code: boundsSliceAlen})
/home/6543/git/own/gitea/models/ssh_key.go:110 (0xfb6cd8)
    parseKeyString: if content[:len(ssh2keyStart)] == ssh2keyStart {
/home/6543/git/own/gitea/models/ssh_key.go:309 (0xfb7fe9)
    CheckPublicKeyString: content, err = parseKeyString(content)
/home/6543/git/own/gitea/routers/repo/setting.go:768 (0x128763d)
    DeployKeysPost: content, err := models.CheckPublicKeyString(form.Content)
/usr/lib/go/src/reflect/value.go:460 (0x491cc5)
    Value.call: call(frametype, fn, args, uint32(frametype.size), uint32(retOffset))
/usr/lib/go/src/reflect/value.go:321 (0x491483)
    Value.Call: return v.call("Call", in)
/home/6543/git/own/gitea/vendor/gitea.com/macaron/inject/inject.go:177 (0x9a7249)
    (*injector).callInvoke: return reflect.ValueOf(f).Call(in), nil
/home/6543/git/own/gitea/vendor/gitea.com/macaron/inject/inject.go:137 (0x9a6bf9)
    (*injector).Invoke: return inj.callInvoke(f, t, t.NumIn())
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/context.go:121 (0x9d6d98)
    (*Context).run: vals, err := c.Invoke(c.handler())
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/context.go:112 (0x10b9651)
    (*Context).Next: c.run()
/home/6543/git/own/gitea/modules/context/panic.go:39 (0x10b963d)
    Recovery.func1: ctx.Next()
/usr/lib/go/src/reflect/value.go:460 (0x491cc5)
    Value.call: call(frametype, fn, args, uint32(frametype.size), uint32(retOffset))
/usr/lib/go/src/reflect/value.go:321 (0x491483)
    Value.Call: return v.call("Call", in)
/home/6543/git/own/gitea/vendor/gitea.com/macaron/inject/inject.go:177 (0x9a7249)
    (*injector).callInvoke: return reflect.ValueOf(f).Call(in), nil
/home/6543/git/own/gitea/vendor/gitea.com/macaron/inject/inject.go:137 (0x9a6bf9)
    (*injector).Invoke: return inj.callInvoke(f, t, t.NumIn())
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/context.go:121 (0x9d6d98)
    (*Context).run: vals, err := c.Invoke(c.handler())
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/context.go:112 (0xa6e9c5)
    (*Context).Next: c.run()
/home/6543/git/own/gitea/vendor/gitea.com/macaron/session/session.go:192 (0xa6e9b0)
    Sessioner.func1: ctx.Next()
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/context.go:79 (0x9d6c40)
    ContextInvoker.Invoke: invoke(params[0].(*Context))
/home/6543/git/own/gitea/vendor/gitea.com/macaron/inject/inject.go:157 (0x9a6f59)
    (*injector).fastInvoke: return f.Invoke(in)
/home/6543/git/own/gitea/vendor/gitea.com/macaron/inject/inject.go:135 (0x9a6ce8)
    (*injector).Invoke: return inj.fastInvoke(v, t, t.NumIn())
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/context.go:121 (0x9d6d98)
    (*Context).run: vals, err := c.Invoke(c.handler())
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/context.go:112 (0x9e8439)
    (*Context).Next: c.run()
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/recovery.go:161 (0x9e8427)
    Recovery.func1: c.Next()
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/logger.go:40 (0x9da913)
    LoggerInvoker.Invoke: invoke(params[0].(*Context), params[1].(*log.Logger))
/home/6543/git/own/gitea/vendor/gitea.com/macaron/inject/inject.go:157 (0x9a6f59)
    (*injector).fastInvoke: return f.Invoke(in)
/home/6543/git/own/gitea/vendor/gitea.com/macaron/inject/inject.go:135 (0x9a6ce8)
    (*injector).Invoke: return inj.fastInvoke(v, t, t.NumIn())
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/context.go:121 (0x9d6d98)
    (*Context).run: vals, err := c.Invoke(c.handler())
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/context.go:112 (0x9e7770)
    (*Context).Next: c.run()
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/logger.go:52 (0x9e775b)
    Logger.func1: ctx.Next()
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/logger.go:40 (0x9da913)
    LoggerInvoker.Invoke: invoke(params[0].(*Context), params[1].(*log.Logger))
/home/6543/git/own/gitea/vendor/gitea.com/macaron/inject/inject.go:157 (0x9a6f59)
    (*injector).fastInvoke: return f.Invoke(in)
/home/6543/git/own/gitea/vendor/gitea.com/macaron/inject/inject.go:135 (0x9a6ce8)
    (*injector).Invoke: return inj.fastInvoke(v, t, t.NumIn())
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/context.go:121 (0x9d6d98)
    (*Context).run: vals, err := c.Invoke(c.handler())
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/router.go:187 (0x9e9656)
    (*Router).Handle.func1: c.run()
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/router.go:303 (0x9e3035)
    (*Router).ServeHTTP: h(rw, req, p)
/home/6543/git/own/gitea/vendor/gitea.com/macaron/macaron/macaron.go:220 (0x9dbcaa)
    (*Macaron).ServeHTTP: m.Router.ServeHTTP(rw, req)
/home/6543/git/own/gitea/vendor/github.com/gorilla/context/context.go:141 (0xc2840d)
    ClearHandler.func1: h.ServeHTTP(w, r)
/usr/lib/go/src/net/http/server.go:2007 (0x752a03)
    HandlerFunc.ServeHTTP: f(w, r)
/usr/lib/go/src/net/http/server.go:2802 (0x755e53)
    serverHandler.ServeHTTP: handler.ServeHTTP(rw, req)
/usr/lib/go/src/net/http/server.go:1890 (0x7517f4)
    (*conn).serve: serverHandler{c.server}.ServeHTTP(w, w.req)
/usr/lib/go/src/runtime/asm_amd64.s:1357 (0x461090)
    goexit: BYTE    $0x90   // NOP

guillep2k commented 4 years ago

It works if the key is valid. It fails to validate the input.

https://qsandbox.com/tools/private-public-keygen

Valid content (doesn't fail):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC67nQGOZlUXELmugesFEMfygXnqTNRIv6rWXdmT5WudNcaX3ARDt7SqLRSPE7w2B3g1L96zhE4p9XcVZGYNsCldDgoGG0e7Ocvffdbi+mAKdeXC7WXmvl/zJEd+qx7WnhW/n19We+rdABNb7ZEdYtL8MD4/LB4WukNsEpDUrn693G6QrqunY5fpZXna7qJ3LvTaxTgbLlydJfdgeDAlpEqgD4FBbmpBoq9fE1RyV13kIXK32Tp+M2cTLHBtusckhReTq89cZDDTdDFgH84qpLK1GcPbNANSRLsmJFf5VgKXr/UNZLzdJBq/vD16Ta4w6CDeVC1MoeTN33vLNd1ICgH qsandbox

6543 commented 4 years ago

@guillep2k yes - I know ... (now) first thought was deployment key is like a token :()

6543 commented 4 years ago

The same is at http:///user/settings/keys

-> Gitea should not show a 500; instead it should tell the user that it needs a valid SSH key
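
The panic in the trace above and the behaviour requested in this thread, as an added Go example (not Gitea's code and not the fix that was merged): slicing `content[:len(ssh2keyStart)]` panics on input shorter than the prefix, while a length-safe prefix test plus a framing check returns an error the handler can show in the form. The value of `ssh2keyStart` is assumed from RFC 4716 (its 31 bytes match the `[:31]` in the trace); `unsafeHasHeader`, `checkKeyLine`, `ErrInvalidKey` and the sample key are hypothetical names and constructed data.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Assumed value: the RFC 4716 header; its 31 bytes match the [:31] in the trace.
const ssh2keyStart = "---- BEGIN SSH2 PUBLIC KEY ----"
var ErrInvalidKey = errors.New("invalid SSH public key")

// unsafeHasHeader repeats the slicing pattern from the trace and reports a panic.
func unsafeHasHeader(content string) (match, panicked bool) {
	defer func() { panicked = recover() != nil }()
	return content[:len(ssh2keyStart)] == ssh2keyStart, false
}

// checkKeyLine (hypothetical) checks the framing of a one-line key, "<type> <base64>",
// whose blob must begin with the length-prefixed type name. It never panics.
func checkKeyLine(content string) (string, error) {
	if strings.HasPrefix(strings.TrimSpace(content), ssh2keyStart) { // safe at any length
		return "", fmt.Errorf("%w: RFC 4716 blocks are not handled in this example", ErrInvalidKey)
	}
	fields := strings.Fields(content)
	if len(fields) < 2 || len(fields[0]) > 255 {
		return "", fmt.Errorf("%w: want \"<type> <base64> [comment]\"", ErrInvalidKey)
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	want := append([]byte{0, 0, 0, byte(len(fields[0]))}, fields[0]...)
	if err != nil || !bytes.HasPrefix(blob, want) {
		return "", fmt.Errorf("%w: blob is not base64 or names another type", ErrInvalidKey)
	}
	return fields[0], nil
}

// constructedKeyLine builds a well-framed sample line (constructed, not a real key).
func constructedKeyLine() string {
	blob := append([]byte{0, 0, 0, 11}, "ssh-ed25519"...)
	blob = append(append(blob, 0, 0, 0, 32), make([]byte, 32)...)
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " sample"
}

func main() {
	_, panicked := unsafeHasHeader("test") // Content value from the reproduction steps
	_, err := checkKeyLine("test")
	fmt.Println("old check panicked:", panicked, "| new check:", err)
}
```

A handler can test the result with `errors.Is(err, ErrInvalidKey)` and re-render the form with a validation message instead of letting the recovery middleware answer with a 500.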