Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

phpseclib\Crypt\RSA::loadKey result not checked #84

Open
ben-challis opened this issue Jul 19, 2019 · 0 comments
Open

phpseclib\Crypt\RSA::loadKey result not checked #84

ben-challis opened this issue Jul 19, 2019 · 0 comments

Comments

@ben-challis
Copy link

Currently League\Flysystem\Sftp\SftpAdapter::getPrivateKey() does not check the bool result of RSA::loadKey() where false indicates error.

flysystem-sftp/src/SftpAdapter.php

Lines 266 to 280 in 518ac7d

public function getPrivateKey()
{
if ("---" !== substr($this->privateKey, 0, 3) && is_file($this->privateKey)) {
$this->privateKey = file_get_contents($this->privateKey);
}
$key = new RSA();
if ($password = $this->getPassword()) {
$key->setPassword($password);
}
$key->loadKey($this->privateKey);
return $key;

I hit this due to phpseclib/phpseclib#1372 where by regular OpenSSH generated keys wouldn't load when generated with recent versions.

Is it fair to say that this should be detected and a LogicException raised to ease identification of the problem? At present you end up with the general "Could not login ..." exception.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ben-challis