diff --git a/paramiko/pkey.py b/paramiko/pkey.py index 326f37a041d67b68a274393c3ebfe7ce625d14b6_cGFyYW1pa28vcGtleS5weQ==..b88f6a59b8497e7e90eb36622ed2fa97c8244644_cGFyYW1pa28vcGtleS5weQ== 100644 --- a/paramiko/pkey.py +++ b/paramiko/pkey.py @@ -324,6 +324,8 @@ def _read_private_key(self, tag, f, password=None): lines = f.readlines() + if not lines: + raise SSHException("no lines in {} private key file".format(tag)) # find the BEGIN tag start = 0 diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 326f37a041d67b68a274393c3ebfe7ce625d14b6_c2l0ZXMvd3d3L2NoYW5nZWxvZy5yc3Q=..b88f6a59b8497e7e90eb36622ed2fa97c8244644_c2l0ZXMvd3d3L2NoYW5nZWxvZy5yc3Q= 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +- bug:`1637` (via :issue:`1599`) Raise `SSHException` explicitly when blank + private key data is loaded, instead of the natural result of ``IndexError``. + This should help more bits of Paramiko or Paramiko-adjacent codebases to + correctly handle this class of error. Credit: Nicholas Dietz. - :release:`2.10.5 <2022-05-16>` - :release:`2.9.5 <2022-05-16>` - :bug:`1933` Align signature verification algorithm with OpenSSH re: diff --git a/tests/blank_rsa.key b/tests/blank_rsa.key new file mode 100644 diff --git a/tests/test_pkey.py b/tests/test_pkey.py index 326f37a041d67b68a274393c3ebfe7ce625d14b6_dGVzdHMvdGVzdF9wa2V5LnB5..b88f6a59b8497e7e90eb36622ed2fa97c8244644_dGVzdHMvdGVzdF9wa2V5LnB5 100644 --- a/tests/test_pkey.py +++ b/tests/test_pkey.py @@ -186,6 +186,11 @@ with pytest.raises(SSHException, match=str(exception)): RSAKey.from_private_key_file(_support("test_rsa.key")) + def test_loading_empty_keys_errors_usefully(self): + # #1599 - raise SSHException instead of IndexError + with pytest.raises(SSHException, match="no lines"): + RSAKey.from_private_key_file(_support("blank_rsa.key")) + def test_load_rsa_password(self): key = RSAKey.from_private_key_file( _support("test_rsa_password.key"), "television"