aboutsummaryrefslogtreecommitdiffstats
path: root/plumbing
diff options
context:
space:
mode:
authorMark DeLillo <github.med@delillo.org>2018-02-25 14:03:32 -0500
committerMark DeLillo <github.med@delillo.org>2018-02-25 14:03:32 -0500
commit779c88d4a407d3628f903e7c53ad5b4237ac618a (patch)
tree40450a263ff131dd619b938df6f389a73411404e /plumbing
parent886dc83f3ed518a78772055497bcc7d7621b468e (diff)
downloadgo-git-779c88d4a407d3628f903e7c53ad5b4237ac618a.tar.gz
Return error when creating public keys from invalid PEM
* pem.Decode will return nil in this case, and passing that to x509.IsEncryptedBlock will cause it to panic Signed-off-by: Mark DeLillo <github.med@delillo.org>
Diffstat (limited to 'plumbing')
-rw-r--r--plumbing/transport/ssh/auth_method.go3
-rw-r--r--plumbing/transport/ssh/auth_method_test.go6
2 files changed, 9 insertions, 0 deletions
diff --git a/plumbing/transport/ssh/auth_method.go b/plumbing/transport/ssh/auth_method.go
index 0cdf2b7..84cfab2 100644
--- a/plumbing/transport/ssh/auth_method.go
+++ b/plumbing/transport/ssh/auth_method.go
@@ -124,6 +124,9 @@ type PublicKeys struct {
// (PKCS#1), DSA (OpenSSL), and ECDSA private keys.
func NewPublicKeys(user string, pemBytes []byte, password string) (*PublicKeys, error) {
block, _ := pem.Decode(pemBytes)
+ if block == nil {
+ return nil, errors.New("invalid PEM data")
+ }
if x509.IsEncryptedPEMBlock(block) {
key, err := x509.DecryptPEMBlock(block, []byte(password))
if err != nil {
diff --git a/plumbing/transport/ssh/auth_method_test.go b/plumbing/transport/ssh/auth_method_test.go
index 1e77ca0..0025669 100644
--- a/plumbing/transport/ssh/auth_method_test.go
+++ b/plumbing/transport/ssh/auth_method_test.go
@@ -143,3 +143,9 @@ func (*SuiteCommon) TestNewPublicKeysFromFile(c *C) {
c.Assert(err, IsNil)
c.Assert(auth, NotNil)
}
+
+func (*SuiteCommon) TestNewPublicKeysWithInvalidPEM(c *C) {
+ auth, err := NewPublicKeys("foo", []byte("bar"), "")
+ c.Assert(err, NotNil)
+ c.Assert(auth, IsNil)
+}