age,cmd/age: detect invalid UTF-8 in identity and recipient files

FiloSottile · FiloSottile · commit 2e0f1efe4d0e · 2025-12-23T23:06:00.000+01:00
For #663
diff --git a/cmd/age/parse.go b/cmd/age/parse.go
@@ -11,6 +11,7 @@ import (
 	"io"
 	"os"
 	"strings"
+	"unicode/utf8"
 
 	"filippo.io/age"
 	"filippo.io/age/agessh"
@@ -77,6 +78,9 @@ func parseRecipientsFile(name string) ([]age.Recipient, error) {
 		if strings.HasPrefix(line, "#") || line == "" {
 			continue
 		}
+		if !utf8.ValidString(line) {
+			return nil, fmt.Errorf("%q: recipients file is not valid UTF-8", name)
+		}
 		if len(line) > lineLengthLimit {
 			return nil, fmt.Errorf("%q: line %d is too long", name, n)
 		}
@@ -226,19 +230,20 @@ func parseIdentities(f io.Reader) ([]age.Identity, error) {
 		if strings.HasPrefix(line, "#") || line == "" {
 			continue
 		}
-
+		if !utf8.ValidString(line) {
+			return nil, fmt.Errorf("identities file is not valid UTF-8")
+		}
 		i, err := parseIdentity(line)
 		if err != nil {
 			return nil, fmt.Errorf("error at line %d: %v", n, err)
 		}
 		ids = append(ids, i)
-
 	}
 	if err := scanner.Err(); err != nil {
-		return nil, fmt.Errorf("failed to read secret keys file: %v", err)
+		return nil, fmt.Errorf("failed to read identities file: %v", err)
 	}
 	if len(ids) == 0 {
-		return nil, fmt.Errorf("no secret keys found")
+		return nil, fmt.Errorf("no identities found")
 	}
 	return ids, nil
 }
diff --git a/parse.go b/parse.go
@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"io"
 	"strings"
+	"unicode/utf8"
 )
 
 // ParseIdentities parses a file with one or more private key encodings, one per
@@ -31,17 +32,20 @@ func ParseIdentities(f io.Reader) ([]Identity, error) {
 		if strings.HasPrefix(line, "#") || line == "" {
 			continue
 		}
+		if !utf8.ValidString(line) {
+			return nil, fmt.Errorf("identities file is not valid UTF-8")
+		}
 		i, err := parseIdentity(line)
 		if err != nil {
 			return nil, fmt.Errorf("error at line %d: %v", n, err)
 		}
 		ids = append(ids, i)
 	}
 	if err := scanner.Err(); err != nil {
-		return nil, fmt.Errorf("failed to read secret keys file: %v", err)
+		return nil, fmt.Errorf("failed to read identities file: %v", err)
 	}
 	if len(ids) == 0 {
-		return nil, fmt.Errorf("no secret keys found")
+		return nil, fmt.Errorf("no identities found")
 	}
 	return ids, nil
 }
@@ -78,6 +82,9 @@ func ParseRecipients(f io.Reader) ([]Recipient, error) {
 		if strings.HasPrefix(line, "#") || line == "" {
 			continue
 		}
+		if !utf8.ValidString(line) {
+			return nil, fmt.Errorf("recipients file is not valid UTF-8")
+		}
 		r, err := parseRecipient(line)
 		if err != nil {
 			// Hide the error since it might unintentionally leak the contents

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@ import (`
`11`	`11`	`"io"`
`12`	`12`	`"os"`
`13`	`13`	`"strings"`
	`14`	`+ "unicode/utf8"`
`14`	`15`
`15`	`16`	`"filippo.io/age"`
`16`	`17`	`"filippo.io/age/agessh"`
`@@ -77,6 +78,9 @@ func parseRecipientsFile(name string) ([]age.Recipient, error) {`
`77`	`78`	`if strings.HasPrefix(line, "#") \|\| line == "" {`
`78`	`79`	`continue`
`79`	`80`	`}`
	`81`	`+ if !utf8.ValidString(line) {`
	`82`	`+ return nil, fmt.Errorf("%q: recipients file is not valid UTF-8", name)`
	`83`	`+ }`
`80`	`84`	`if len(line) > lineLengthLimit {`
`81`	`85`	`return nil, fmt.Errorf("%q: line %d is too long", name, n)`
`82`	`86`	`}`
`@@ -226,19 +230,20 @@ func parseIdentities(f io.Reader) ([]age.Identity, error) {`
`226`	`230`	`if strings.HasPrefix(line, "#") \|\| line == "" {`
`227`	`231`	`continue`
`228`	`232`	`}`
`229`		`-`
	`233`	`+ if !utf8.ValidString(line) {`
	`234`	`+ return nil, fmt.Errorf("identities file is not valid UTF-8")`
	`235`	`+ }`
`230`	`236`	`i, err := parseIdentity(line)`
`231`	`237`	`if err != nil {`
`232`	`238`	`return nil, fmt.Errorf("error at line %d: %v", n, err)`
`233`	`239`	`}`
`234`	`240`	`ids = append(ids, i)`
`235`		`-`
`236`	`241`	`}`
`237`	`242`	`if err := scanner.Err(); err != nil {`
`238`		`- return nil, fmt.Errorf("failed to read secret keys file: %v", err)`
	`243`	`+ return nil, fmt.Errorf("failed to read identities file: %v", err)`
`239`	`244`	`}`
`240`	`245`	`if len(ids) == 0 {`
`241`		`- return nil, fmt.Errorf("no secret keys found")`
	`246`	`+ return nil, fmt.Errorf("no identities found")`
`242`	`247`	`}`
`243`	`248`	`return ids, nil`
`244`	`249`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ import (`
`9`	`9`	`"fmt"`
`10`	`10`	`"io"`
`11`	`11`	`"strings"`
	`12`	`+ "unicode/utf8"`
`12`	`13`	`)`
`13`	`14`
`14`	`15`	`// ParseIdentities parses a file with one or more private key encodings, one per`
`@@ -31,17 +32,20 @@ func ParseIdentities(f io.Reader) ([]Identity, error) {`
`31`	`32`	`if strings.HasPrefix(line, "#") \|\| line == "" {`
`32`	`33`	`continue`
`33`	`34`	`}`
	`35`	`+ if !utf8.ValidString(line) {`
	`36`	`+ return nil, fmt.Errorf("identities file is not valid UTF-8")`
	`37`	`+ }`
`34`	`38`	`i, err := parseIdentity(line)`
`35`	`39`	`if err != nil {`
`36`	`40`	`return nil, fmt.Errorf("error at line %d: %v", n, err)`
`37`	`41`	`}`
`38`	`42`	`ids = append(ids, i)`
`39`	`43`	`}`
`40`	`44`	`if err := scanner.Err(); err != nil {`
`41`		`- return nil, fmt.Errorf("failed to read secret keys file: %v", err)`
	`45`	`+ return nil, fmt.Errorf("failed to read identities file: %v", err)`
`42`	`46`	`}`
`43`	`47`	`if len(ids) == 0 {`
`44`		`- return nil, fmt.Errorf("no secret keys found")`
	`48`	`+ return nil, fmt.Errorf("no identities found")`
`45`	`49`	`}`
`46`	`50`	`return ids, nil`
`47`	`51`	`}`
`@@ -78,6 +82,9 @@ func ParseRecipients(f io.Reader) ([]Recipient, error) {`
`78`	`82`	`if strings.HasPrefix(line, "#") \|\| line == "" {`
`79`	`83`	`continue`
`80`	`84`	`}`
	`85`	`+ if !utf8.ValidString(line) {`
	`86`	`+ return nil, fmt.Errorf("recipients file is not valid UTF-8")`
	`87`	`+ }`
`81`	`88`	`r, err := parseRecipient(line)`
`82`	`89`	`if err != nil {`
`83`	`90`	`// Hide the error since it might unintentionally leak the contents`