(name string)
| 52 | } |
| 53 | |
| 54 | func parseRecipientsFile(name string) ([]age.Recipient, error) { |
| 55 | var f *os.File |
| 56 | if name == "-" { |
| 57 | if stdinInUse { |
| 58 | return nil, fmt.Errorf("standard input is used for multiple purposes") |
| 59 | } |
| 60 | stdinInUse = true |
| 61 | f = os.Stdin |
| 62 | } else { |
| 63 | var err error |
| 64 | f, err = os.Open(name) |
| 65 | if err != nil { |
| 66 | return nil, fmt.Errorf("failed to open recipient file: %v", err) |
| 67 | } |
| 68 | defer f.Close() |
| 69 | } |
| 70 | |
| 71 | const recipientFileSizeLimit = 16 << 20 // 16 MiB |
| 72 | const lineLengthLimit = 8 << 10 // 8 KiB, same as sshd(8) |
| 73 | var recs []age.Recipient |
| 74 | scanner := bufio.NewScanner(io.LimitReader(f, recipientFileSizeLimit)) |
| 75 | var n int |
| 76 | for scanner.Scan() { |
| 77 | n++ |
| 78 | line := scanner.Text() |
| 79 | if strings.HasPrefix(line, "#") || line == "" { |
| 80 | continue |
| 81 | } |
| 82 | if !utf8.ValidString(line) { |
| 83 | return nil, fmt.Errorf("%q: recipients file is not valid UTF-8", name) |
| 84 | } |
| 85 | if len(line) > lineLengthLimit { |
| 86 | return nil, fmt.Errorf("%q: line %d is too long", name, n) |
| 87 | } |
| 88 | r, err := parseRecipient(line) |
| 89 | if err != nil { |
| 90 | if t, ok := sshKeyType(line); ok { |
| 91 | // Skip unsupported but valid SSH public keys with a warning. |
| 92 | warningf("recipients file %q: ignoring unsupported SSH key of type %q at line %d", name, t, n) |
| 93 | continue |
| 94 | } |
| 95 | if strings.HasPrefix(line, "AGE-") { |
| 96 | return nil, fmt.Errorf("%q: error at line %d: apparent identity found in recipients file", name, n) |
| 97 | } |
| 98 | // Hide the error since it might unintentionally leak the contents |
| 99 | // of confidential files. |
| 100 | return nil, fmt.Errorf("%q: malformed recipient at line %d", name, n) |
| 101 | } |
| 102 | recs = append(recs, r) |
| 103 | } |
| 104 | if err := scanner.Err(); err != nil { |
| 105 | return nil, fmt.Errorf("%q: failed to read recipients file: %v", name, err) |
| 106 | } |
| 107 | if len(recs) == 0 { |
| 108 | return nil, fmt.Errorf("%q: no recipients found", name) |
| 109 | } |
| 110 | return recs, nil |
| 111 | } |
no test coverage detected
searching dependent graphs…