aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--plumbing/transport/ssh/auth_method.go3
-rw-r--r--plumbing/transport/ssh/auth_method_test.go6
2 files changed, 9 insertions, 0 deletions
diff --git a/plumbing/transport/ssh/auth_method.go b/plumbing/transport/ssh/auth_method.go
index 0cdf2b7..84cfab2 100644
--- a/plumbing/transport/ssh/auth_method.go
+++ b/plumbing/transport/ssh/auth_method.go
@@ -124,6 +124,9 @@ type PublicKeys struct {
// (PKCS#1), DSA (OpenSSL), and ECDSA private keys.
func NewPublicKeys(user string, pemBytes []byte, password string) (*PublicKeys, error) {
block, _ := pem.Decode(pemBytes)
+ if block == nil {
+ return nil, errors.New("invalid PEM data")
+ }
if x509.IsEncryptedPEMBlock(block) {
key, err := x509.DecryptPEMBlock(block, []byte(password))
if err != nil {
diff --git a/plumbing/transport/ssh/auth_method_test.go b/plumbing/transport/ssh/auth_method_test.go
index 1e77ca0..0025669 100644
--- a/plumbing/transport/ssh/auth_method_test.go
+++ b/plumbing/transport/ssh/auth_method_test.go
@@ -143,3 +143,9 @@ func (*SuiteCommon) TestNewPublicKeysFromFile(c *C) {
c.Assert(err, IsNil)
c.Assert(auth, NotNil)
}
+
+func (*SuiteCommon) TestNewPublicKeysWithInvalidPEM(c *C) {
+ auth, err := NewPublicKeys("foo", []byte("bar"), "")
+ c.Assert(err, NotNil)
+ c.Assert(auth, IsNil)
+}
generated by cgit (git 2.34.1) at 2024-09-21 17:53:29 +0000