diff options
author | Máximo Cuadros <mcuadros@gmail.com> | 2018-02-25 21:08:07 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-25 21:08:07 +0100 |
commit | defd0b861ca79845c8f06f7c826c769012404bbd (patch) | |
tree | 81437c18373b19bc4f85f88cdfb143815bc1570a | |
parent | 721449aadc2792494d030ac37ee779025a9b2869 (diff) | |
parent | 779c88d4a407d3628f903e7c53ad5b4237ac618a (diff) | |
download | go-git-defd0b861ca79845c8f06f7c826c769012404bbd.tar.gz |
Merge pull request #759 from mdelillo/invalid-ssh-key
plumbing: ssh, return error when creating public keys from invalid PEM
-rw-r--r-- | plumbing/transport/ssh/auth_method.go | 3 | ||||
-rw-r--r-- | plumbing/transport/ssh/auth_method_test.go | 6 |
2 files changed, 9 insertions, 0 deletions
diff --git a/plumbing/transport/ssh/auth_method.go b/plumbing/transport/ssh/auth_method.go index 0cdf2b7..84cfab2 100644 --- a/plumbing/transport/ssh/auth_method.go +++ b/plumbing/transport/ssh/auth_method.go @@ -124,6 +124,9 @@ type PublicKeys struct { // (PKCS#1), DSA (OpenSSL), and ECDSA private keys. func NewPublicKeys(user string, pemBytes []byte, password string) (*PublicKeys, error) { block, _ := pem.Decode(pemBytes) + if block == nil { + return nil, errors.New("invalid PEM data") + } if x509.IsEncryptedPEMBlock(block) { key, err := x509.DecryptPEMBlock(block, []byte(password)) if err != nil { diff --git a/plumbing/transport/ssh/auth_method_test.go b/plumbing/transport/ssh/auth_method_test.go index 1e77ca0..0025669 100644 --- a/plumbing/transport/ssh/auth_method_test.go +++ b/plumbing/transport/ssh/auth_method_test.go @@ -143,3 +143,9 @@ func (*SuiteCommon) TestNewPublicKeysFromFile(c *C) { c.Assert(err, IsNil) c.Assert(auth, NotNil) } + +func (*SuiteCommon) TestNewPublicKeysWithInvalidPEM(c *C) { + auth, err := NewPublicKeys("foo", []byte("bar"), "") + c.Assert(err, NotNil) + c.Assert(auth, IsNil) +} |