aboutsummaryrefslogtreecommitdiffstats
path: root/plumbing/transport/ssh/auth_method.go
diff options
context:
space:
mode:
authorMark DeLillo <github.med@delillo.org>2018-02-25 14:03:32 -0500
committerMark DeLillo <github.med@delillo.org>2018-02-25 14:03:32 -0500
commit779c88d4a407d3628f903e7c53ad5b4237ac618a (patch)
tree40450a263ff131dd619b938df6f389a73411404e /plumbing/transport/ssh/auth_method.go
parent886dc83f3ed518a78772055497bcc7d7621b468e (diff)
downloadgo-git-779c88d4a407d3628f903e7c53ad5b4237ac618a.tar.gz
Return error when creating public keys from invalid PEM
* pem.Decode will return nil in this case, and passing that to x509.IsEncryptedBlock will cause it to panic Signed-off-by: Mark DeLillo <github.med@delillo.org>
Diffstat (limited to 'plumbing/transport/ssh/auth_method.go')
-rw-r--r--plumbing/transport/ssh/auth_method.go3
1 files changed, 3 insertions, 0 deletions
diff --git a/plumbing/transport/ssh/auth_method.go b/plumbing/transport/ssh/auth_method.go
index 0cdf2b7..84cfab2 100644
--- a/plumbing/transport/ssh/auth_method.go
+++ b/plumbing/transport/ssh/auth_method.go
@@ -124,6 +124,9 @@ type PublicKeys struct {
// (PKCS#1), DSA (OpenSSL), and ECDSA private keys.
func NewPublicKeys(user string, pemBytes []byte, password string) (*PublicKeys, error) {
block, _ := pem.Decode(pemBytes)
+ if block == nil {
+ return nil, errors.New("invalid PEM data")
+ }
if x509.IsEncryptedPEMBlock(block) {
key, err := x509.DecryptPEMBlock(block, []byte(password))
if err != nil {