From 1c7e70dd647f7695baaabcc3265060727c9bcb3c Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Mon, 13 May 2013 03:35:16 -0700 Subject: [PATCH] Improve user public ssh key verification The middle part of the key is base64, so match it against the allowable base64 characters. When showing an error message escape the @ so it actually shows in the output. --- Girocco/User.pm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Girocco/User.pm b/Girocco/User.pm index 2811873..ca0f1da 100644 --- a/Girocco/User.pm +++ b/Girocco/User.pm @@ -143,7 +143,12 @@ sub keys_fill { length($self->{keys}) <= 4096 or $gcgi->err("The list of keys is more than 4kb. Do you really need that much?"); foreach (split /\r?\n/, $self->{keys}) { - /^ssh-(?:dss|rsa) .* \S+@\S+$/ or $gcgi->err("Your ssh key (\"$_\") appears to have invalid format (does not start by ssh-dss|rsa or does not end with @-identifier) - maybe your browser has split a single key to multiple lines?"); + /^ssh-(?:dss|rsa) [0-9A-Za-z+\/=]+ \S+@\S+$/ + or $gcgi->err(<\@-identifier) - +maybe your browser has split a single key onto multiple lines? +EOT } not $gcgi->err_check; -- 2.11.4.GIT
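Review bot: The added pattern `/^ssh-(?:dss|rsa) [0-9A-Za-z+\/=]+ \S+@\S+$/` only restricts the alphabet of the key blob, so it still accepts strings that are not valid base64 (an `=` in the middle, or a length that is not a multiple of four), and it never checks that the blob encodes the key type named in the prefix. Padding could be allowed only at the end with `(?:[0-9A-Za-z+\/]{4})*(?:[0-9A-Za-z+\/]{4}|[0-9A-Za-z+\/]{3}=|[0-9A-Za-z+\/]{2}==)` in place of the character class. A stronger check would decode the blob with `MIME::Base64` and compare its embedded type string with the `ssh-rsa`/`ssh-dss` prefix. The heredoc text is not fully legible on this page; if it still interpolates the rejected line through `$_`, confirm that `$gcgi->err` HTML-escapes its argument, since that text is user-supplied. `keys_fill` starts and ends outside the hunk, so how the accepted lines are stored cannot be judged from here.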