From c634bbe9cc7ef6ce6f9f776010ce96384fd43340 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Fri, 7 Jan 2022 10:55:11 -0700
Subject: caddypki: Return error if no PEM data found
Best guess for https://caddy.community/t/on-fly-certificate-generation-based-on-sni/14639/4
---
 modules/caddypki/crypto.go | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'modules/caddypki')
diff --git a/modules/caddypki/crypto.go b/modules/caddypki/crypto.go
index d8e72c6..dbc6f38 100644
--- a/modules/caddypki/crypto.go
+++ b/modules/caddypki/crypto.go
@@ -81,6 +81,9 @@ func pemEncodePrivateKey(key crypto.PrivateKey) ([]byte, error) {
 // TODO: this is the same thing as in certmagic. Should we reuse that code somehow? It's unexported.
 func pemDecodePrivateKey(keyPEMBytes []byte) (crypto.PrivateKey, error) {
 keyBlockDER, _ := pem.Decode(keyPEMBytes)
+ if keyBlockDER == nil {
+ return nil, fmt.Errorf("no PEM data found")
+ }
 if keyBlockDER.Type != "PRIVATE KEY" && !strings.HasSuffix(keyBlockDER.Type, " PRIVATE KEY") {
 return nil, fmt.Errorf("unknown PEM header %q", keyBlockDER.Type)
--
cgit v1.2.3
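Review bot: The new `keyBlockDER == nil` guard in `pemDecodePrivateKey` has no regression test, and the only comment on the function is the TODO, so the contract that empty or non-PEM input returns an error instead of dereferencing nil is recorded nowhere. A small table test passing `nil`, an empty slice and non-PEM bytes and asserting a non-nil error would pin it, alongside a doc line such as `// pemDecodePrivateKey decodes the first PEM block in keyPEMBytes and returns an error if none is found or its type is not a private key.` The second result of `pem.Decode` is still discarded, so bytes after the first block are silently ignored; if that is intended, a short why-comment on that line would say so. Keeping the message free of the input bytes is right, since the input is key material, but the caller (not visible here) should presumably wrap the error with the key's source so operators can tell which stored key was empty. The function body continues past the end of the hunk.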