avoid panic at KeysEqual() if one of the keys is nil

2016-12-17 22:36:48 +01:00 · 2016-12-17 22:36:48 +01:00 · 794990a406
commit 794990a406
parent cea7cfb974
1 changed files with 6 additions and 0 deletions
--- a/ssh.go
+++ b/ssh.go
@ -90,6 +90,12 @@ func Handle(handler Handler) {

 // KeysEqual is constant time compare of the keys to avoid timing attacks.
 func KeysEqual(ak, bk PublicKey) bool {
+
+	//avoid panic if one of the keys is nil, return false instead
+	if ak == nil || bk == nil {
+		return false
+	}
+
 	a := ak.Marshal()
 	b := bk.Marshal()
 	return (len(a) == len(b) && subtle.ConstantTimeCompare(a, b) == 1)