Skip to content

empty sslkey-file causes panic in pgx.Connect #1915

New issue
New issue
Closed
Closed
empty sslkey-file causes panic in pgx.Connect#1915
Labels
bug
@gabor

Description

@gabor
gabor
opened on Feb 21, 2024

Describe the bug
if i use an empty-file as the sslkey, pgx will panic.

To Reproduce
create an empty file named key.key
then run this program:

package main

import (
	"context"

	"github.com/jackc/pgx/v5"
)

func main() {
	pgx.Connect(context.Background(), "host=localhost sslkey=key.key sslcert=key.crt")
}

Expected behavior

pgx.Connect should return an error, if the sslkey is an empty file, it should not panic.

Actual behavior
pgx.Connect panics when sslkey is an empty file.
A clear and concise description of what actually happened.

Version

  • Go: go version go1.22.0 darwin/arm64
  • PostgreSQL: postgres is not running
  • pgx: v5.5.3

Additional context
i think the problem is here:

pgx/pgconn/config.go

Lines 723 to 728 in 5c63f64

block, _ := pem.Decode(buf)
var pemKey []byte
var decryptedKey []byte
var decryptedError error
// If PEM is encrypted, attempt to decrypt using pass phrase
if x509.IsEncryptedPEMBlock(block) {

pem.Decode() will return an error, but it is not checked. then x509.IsEncryptedPEMBlock() panics.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions