From cce6566f1e48a22f8c15c0fb348cb8c19516ac0a Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Wed, 29 Apr 2020 10:57:07 +0300
Subject: [PATCH] service: prevent NPE in VerifyTokenSignature function

This commit adds next changes to VerifyTokenSignature:
* returns ErrEmptyToken on nil token argument;
* returns ErrEmptyPublicKey on nil public key argument.
---
 service/token.go | 9 +++++++++
 service/token_test.go | 10 ++++++++++
 2 files changed, 19 insertions(+)

diff --git a/service/token.go b/service/token.go
index b6d6435..077e672 100644
--- a/service/token.go
+++ b/service/token.go
@@ -203,7 +203,16 @@ func SignToken(token SessionToken, key *ecdsa.PrivateKey) error {
 }

 // VerifyTokenSignature checks if token was signed correctly.
+//
+// If passed token is nil, ErrEmptyToken returns.
+// If passed public key is nil, crypto.ErrEmptyPublicKey returns.
 func VerifyTokenSignature(token SessionToken, key *ecdsa.PublicKey) error {
+ if token == nil {
+ return ErrEmptyToken
+ } else if key == nil {
+ return crypto.ErrEmptyPublicKey
+ }
+
 return crypto.Verify(
 key,
 verificationTokenData(token),
diff --git a/service/token_test.go b/service/token_test.go
index bd9c0b0..0b28084 100644
--- a/service/token_test.go
+++ b/service/token_test.go
@@ -96,6 +96,11 @@ func TestSignToken(t *testing.T) {
 ErrEmptyToken.Error(),
 )

+ require.EqualError(t,
+ VerifyTokenSignature(nil, nil),
+ ErrEmptyToken.Error(),
+ )
+
 var token SessionToken = new(Token)

 // nil key
@@ -104,6 +109,11 @@ func TestSignToken(t *testing.T) {
 crypto.ErrEmptyPrivateKey.Error(),
 )

+ require.EqualError(t,
+ VerifyTokenSignature(token, nil),
+ crypto.ErrEmptyPublicKey.Error(),
+ )
+
 // create private key for signing
 sk := test.DecodeKey(0)
 pk := &sk.PublicKey
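Review bot: The `token == nil` guard in VerifyTokenSignature only catches an untyped nil interface value; SessionToken appears to be an interface (the test assigns `new(Token)` to it), so a nil `*Token` passed as SessionToken compares non-nil and still reaches `verificationTokenData(token)`. Whether that helper dereferences the pointer is not visible here, but if it does, the panic this commit sets out to remove stays reachable on the signature-verification path. The doc comment should state the limit, for example `// A nil pointer stored in SessionToken is not detected by this check.`, unless the concrete type's accessors are made safe on a nil receiver. As a style point, the `else if key == nil {` after `return ErrEmptyToken` reads better as a separate `if key == nil {`. The function body continues past the end of the hunk.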
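Review bot: The added assertions cover `VerifyTokenSignature(nil, nil)` in this hunk and `VerifyTokenSignature(token, nil)` in the next one, but never a nil token with a non-nil key, so the token guard is not exercised on its own. A case such as `VerifyTokenSignature(nil, pk)` placed after `pk` is created would close that gap. A nil `*Token` stored in a SessionToken variable is also untested, and that is the input an interface nil comparison does not catch. TestSignToken starts and ends outside both hunks.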