ssh: don't panic if a key is too short.

Change-Id: I810eb1c5d4cacc710a427e2ce031db1e9c292454
Reviewed-on: https://go-review.googlesource.com/132656
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

1 files changed, 31 insertions, 0 deletions

diff --git a/ssh/keys_test.go b/ssh/keys_test.go
index 9a90abc..f28725f 100644
--- a/ssh/keys_test.go
+++ b/ssh/keys_test.go
@@ -13,7 +13,9 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/base64"
+	"encoding/pem"
 	"fmt"
+	"io"
 	"reflect"
 	"strings"
 	"testing"
@@ -498,3 +500,32 @@ func TestFingerprintSHA256(t *testing.T) {
 		t.Errorf("got fingerprint %q want %q", fingerprint, want)
 	}
 }
+
+func TestInvalidKeys(t *testing.T) {
+	keyTypes := []string{
+		"RSA PRIVATE KEY",
+		"PRIVATE KEY",
+		"EC PRIVATE KEY",
+		"DSA PRIVATE KEY",
+		"OPENSSH PRIVATE KEY",
+	}
+
+	for _, keyType := range keyTypes {
+		for _, dataLen := range []int{0, 1, 2, 5, 10, 20} {
+			data := make([]byte, dataLen)
+			if _, err := io.ReadFull(rand.Reader, data); err != nil {
+				t.Fatal(err)
+			}
+
+			var buf bytes.Buffer
+			pem.Encode(&buf, &pem.Block{
+				Type:  keyType,
+				Bytes: data,
+			})
+
+			// This test is just to ensure that the function
+			// doesn't panic so the return value is ignored.
+			ParseRawPrivateKey(buf.Bytes())
+		}
+	}
+}