Handle two more error conditions correctly
* Handle two more error conditions correctly
* fixed test case
diff --git a/src/cryptography/hazmat/primitives/serialization.py b/src/cryptography/hazmat/primitives/serialization.py
index 5c166c8..d848e5d 100644
--- a/src/cryptography/hazmat/primitives/serialization.py
+++ b/src/cryptography/hazmat/primitives/serialization.py
@@ -127,7 +127,13 @@
While the RFC calls these strings, in Python they are bytes objects.
"""
+ if len(data) < 4:
+ raise ValueError("Key is not in the proper format")
+
str_len, = struct.unpack('>I', data[:4])
+ if len(data) < str_len + 4:
+ raise ValueError("Key is not in the proper format")
+
return data[4:4 + str_len], data[4 + str_len:]
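Review bot: The docstring that closes just above the added checks does not mention that the function now raises `ValueError` on two malformed-input paths, so callers parsing untrusted key blobs cannot learn that contract from it. I would add a sentence such as `Raises ValueError if data is shorter than the 4-byte length prefix or shorter than the length that prefix declares.` The second check also deserves a why-comment, because Python slicing never raises on short input and would otherwise return a silently truncated string: `# str_len comes from the input; slicing would truncate silently, so reject overruns explicitly`. The function's signature and the start of its docstring lie outside the hunk, so the exact placement needs to be confirmed against the full file.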
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index f82e735..1ba8a3b 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -854,6 +854,17 @@
with pytest.raises(ValueError):
load_ssh_public_key(ssh_key, backend)
+ def test_load_ssh_public_key_truncated_int(self, backend):
+ ssh_key = b'ssh-rsa AAAAB3NzaC1yc2EAAAA='
+
+ with pytest.raises(ValueError):
+ load_ssh_public_key(ssh_key, backend)
+
+ ssh_key = b'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAACKr+IHXo'
+
+ with pytest.raises(ValueError):
+ load_ssh_public_key(ssh_key, backend)
+
def test_load_ssh_public_key_rsa_comment_with_spaces(self, backend):
ssh_key = (
b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDu/XRP1kyK6Cgt36gts9XAk"