SSH Key Uploading

auth/setKey.php

@@ -30,6 +30,10 @@ function validateUsername($username){
     return (preg_match("/^([a-zA-Z0-9_.]+)$/", $username) == 1);
 }
 
+function validatePublicKey($key){
+    return (preg_match("/^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/", $key) == 1);
+}
+
 if (checkParameters(array("pubkey", "userId", "authToken"))){
     error("Missing parameters");
 }
@@ -38,6 +42,10 @@ $userToken = $_POST["authToken"];
 $userId = $_POST["userId"];
 $pubkey = $_POST["pubkey"];
 
+if(!validatePublicKey($pubkey)){
+    error("Invalid public key");
+}
+
 $request = curl_init();
 curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
 curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);