Return error when creating public keys from invalid PEM

* pem.Decode will return nil in this case, and passing that to x509.IsEncryptedBlock will cause it to panic

Signed-off-by: Mark DeLillo <[email protected]>

Author: mdelillo

plumbing/transport/ssh/auth_method.go

@@ -124,6 +124,9 @@ type PublicKeys struct {
 // (PKCS#1), DSA (OpenSSL), and ECDSA private keys.
 func NewPublicKeys(user string, pemBytes []byte, password string) (*PublicKeys, error) {
 	block, _ := pem.Decode(pemBytes)
+	if block == nil {
+		return nil, errors.New("invalid PEM data")
+	}
 	if x509.IsEncryptedPEMBlock(block) {
 		key, err := x509.DecryptPEMBlock(block, []byte(password))
 		if err != nil {

plumbing/transport/ssh/auth_method_test.go

@@ -143,3 +143,9 @@ func (*SuiteCommon) TestNewPublicKeysFromFile(c *C) {
 	c.Assert(err, IsNil)
 	c.Assert(auth, NotNil)
 }
+
+func (*SuiteCommon) TestNewPublicKeysWithInvalidPEM(c *C) {
+	auth, err := NewPublicKeys("foo", []byte("bar"), "")
+	c.Assert(err, NotNil)
+	c.Assert(auth, IsNil)
+}