Merge pull request #4 from hloeffler/master

avoid panic at KeysEqual() if one of the keys is nil
2016-12-18 17:41:10 -06:00 · 2016-12-18 17:41:10 -06:00 · 06c08068be
commit 06c08068be
parent cea7cfb974 8fc7fced07
2 changed files with 23 additions and 0 deletions
--- a/ssh.go
+++ b/ssh.go
@ -90,6 +90,12 @@ func Handle(handler Handler) {

 // KeysEqual is constant time compare of the keys to avoid timing attacks.
 func KeysEqual(ak, bk PublicKey) bool {
+
+	//avoid panic if one of the keys is nil, return false instead
+	if ak == nil || bk == nil {
+		return false
+	}
+
 	a := ak.Marshal()
 	b := bk.Marshal()
 	return (len(a) == len(b) && subtle.ConstantTimeCompare(a, b) == 1)
--- a/ssh_test.go
+++ b/ssh_test.go
@ -0,0 +1,17 @@
+package ssh
+
+import (
+	"testing"
+)
+
+func TestKeysEqual(t *testing.T) {
+	defer func() {
+		if r := recover(); r != nil {
+			t.Errorf("The code did panic")
+		}
+	}()
+
+	if KeysEqual(nil, nil) {
+		t.Error("two nil keys should not return true")
+	}
+}