From 36a8f1a677df85d61c4948e9f28293a1c75096a9 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Tue, 5 Jun 2018 14:39:44 -0700
Subject: Reject GPG keys that have e-mail or names with non-valid UTF-8
 encodings

These were causing 500 Errors when accessing GPG keys for some users.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/47280
---
 lib/gitlab/gpg.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'lib/gitlab/gpg.rb')

diff --git a/lib/gitlab/gpg.rb b/lib/gitlab/gpg.rb
index 413872d7e08..a4263369269 100644
--- a/lib/gitlab/gpg.rb
+++ b/lib/gitlab/gpg.rb
@@ -54,7 +54,11 @@ module Gitlab
         fingerprints = CurrentKeyChain.fingerprints_from_key(key)
 
         GPGME::Key.find(:public, fingerprints).flat_map do |raw_key|
-          raw_key.uids.map { |uid| { name: uid.name, email: uid.email.downcase } }
+          raw_key.uids.each_with_object([]) do |uid, arr|
+            name = uid.name.force_encoding('UTF-8')
+            email = uid.email.force_encoding('UTF-8')
+            arr << { name: name, email: email.downcase } if name.valid_encoding? && email.valid_encoding?
+          end
         end
       end
     end
-- 
cgit v1.2.3