[FAB-10860] Fix nil pointer access by broken cert

Daisuke IIZUKA · Daisuke IIZUKA · commit ee1ec2f777e6 · 2018-06-27T03:11:17.000Z
Add error handling when ito reads broken cert.

Change-Id: I43b7ae1cfee143800fde36b74de24edfb96c0a4c
Signed-off-by: Daisuke IIZUKA &lt;daisuke.iizuka.ag@hitachi.com&gt;
diff --git a/cmd/common/signer/signer.go b/cmd/common/signer/signer.go
@@ -78,6 +78,9 @@ func loadPrivateKey(file string) (*ecdsa.PrivateKey, error) {
 		return nil, errors.WithStack(err)
 	}
 	bl, _ := pem.Decode(b)
+	if bl == nil {
+		return nil, errors.Errorf("%s: wrong PEM encoding", file)
+	}
 	key, err := x509.ParsePKCS8PrivateKey(bl.Bytes)
 	if err != nil {
 		return nil, errors.WithStack(err)
diff --git a/cmd/common/signer/signer_test.go b/cmd/common/signer/signer_test.go
@@ -53,4 +53,14 @@ func TestSignerBadConfig(t *testing.T) {
 	signer, err = NewSigner(conf)
 	assert.Contains(t, err.Error(), "open testdata/signer/non_existent_cert: no such file or directory")
 	assert.Nil(t, signer)
+
+	conf = Config{
+		MSPID:        "SampleOrg",
+		IdentityPath: filepath.Join("testdata", "signer", "cert.pem"),
+		KeyPath:      filepath.Join("testdata", "signer", "broken_private_key"),
+	}
+
+	signer, err = NewSigner(conf)
+	assert.Contains(t, err.Error(), "testdata/signer/broken_private_key: wrong PEM encoding")
+	assert.Nil(t, signer)
 }
diff --git a/cmd/common/signer/testdata/signer/broken_private_key b/cmd/common/signer/testdata/signer/broken_private_key
@@ -0,0 +1 @@
+broken
