Update ParseCSRPem to error instead of panic if the CSR bytes cannot …

…be parsed (cloudflare#734) as a PEM block. Signed-off-by: cyli <cyli@twistedmatrix.com>
iake123 · Mar 7, 2017 · 5bbfc25 · 5bbfc25
1 parent cdf03f4
commit 5bbfc25
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/helpers/helpers.go b/helpers/helpers.go
@@ -450,8 +450,10 @@ func ParseCSR(in []byte) (csr *x509.CertificateRequest, rest []byte, err error)
 // locally.
 func ParseCSRPEM(csrPEM []byte) (*x509.CertificateRequest, error) {
 	block, _ := pem.Decode([]byte(csrPEM))
-	der := block.Bytes
-	csrObject, err := x509.ParseCertificateRequest(der)
+	if block == nil {
+		return nil, cferr.New(cferr.CSRError, cferr.DecodeFailed)
+	}
+	csrObject, err := x509.ParseCertificateRequest(block.Bytes)
 
 	if err != nil {
 		return nil, err

diff --git a/helpers/helpers_test.go b/helpers/helpers_test.go
@@ -406,6 +406,10 @@ func TestParseCSRPEMMore(t *testing.T) {
 	if _, err := ParseCSRPEM(csrPEM); err == nil {
 		t.Fatal(err)
 	}
+
+	if _, err := ParseCSRPEM([]byte("not even pem")); err == nil {
+		t.Fatal("Expected an invalid CSR.")
+	}
 }
 
 // Imported from signers/local/testdata/