diff options
| -rw-r--r-- | paramiko/pkey.py | 2 | ||||
| -rw-r--r-- | sites/www/changelog.rst | 4 | ||||
| -rw-r--r-- | tests/blank_rsa.key | 0 | ||||
| -rw-r--r-- | tests/test_pkey.py | 5 |
4 files changed, 11 insertions, 0 deletions
diff --git a/paramiko/pkey.py b/paramiko/pkey.py index f1919660..aa8fa669 100644 --- a/paramiko/pkey.py +++ b/paramiko/pkey.py @@ -324,6 +324,8 @@ class PKey(object): def _read_private_key(self, tag, f, password=None): lines = f.readlines() + if not lines: + raise SSHException("no lines in {} private key file".format(tag)) # find the BEGIN tag start = 0 diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index d5bdadec..df438626 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +- bug:`1637` (via :issue:`1599`) Raise `SSHException` explicitly when blank + private key data is loaded, instead of the natural result of ``IndexError``. + This should help more bits of Paramiko or Paramiko-adjacent codebases to + correctly handle this class of error. Credit: Nicholas Dietz. - :release:`2.10.5 <2022-05-16>` - :release:`2.9.5 <2022-05-16>` - :bug:`1933` Align signature verification algorithm with OpenSSH re: diff --git a/tests/blank_rsa.key b/tests/blank_rsa.key new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/blank_rsa.key diff --git a/tests/test_pkey.py b/tests/test_pkey.py index 3bc0459a..f8b7eb42 100644 --- a/tests/test_pkey.py +++ b/tests/test_pkey.py @@ -186,6 +186,11 @@ class KeyTest(unittest.TestCase): with pytest.raises(SSHException, match=str(exception)): RSAKey.from_private_key_file(_support("test_rsa.key")) + def test_loading_empty_keys_errors_usefully(self): + # #1599 - raise SSHException instead of IndexError + with pytest.raises(SSHException, match="no lines"): + RSAKey.from_private_key_file(_support("blank_rsa.key")) + def test_load_rsa_password(self): key = RSAKey.from_private_key_file( _support("test_rsa_password.key"), "television" |