From f90b6a85c0f19f353a20848f2effebc2d618c839 Mon Sep 17 00:00:00 2001
From: Naoki Kosaka <n.k@mail.yukimochi.net>
Date: Wed, 29 Jan 2020 17:36:56 +0900
Subject: [PATCH] Fix occur panic when invalid PublicKey parsing.

---
 ActivityPub/models.go  | 4 ++++
 KeyLoader/keyloader.go | 3 +++
 decode.go              | 3 +++
 3 files changed, 10 insertions(+)

diff --git a/ActivityPub/models.go b/ActivityPub/models.go
index 1a1ae4d..c95aa93 100644
--- a/ActivityPub/models.go
+++ b/ActivityPub/models.go
@@ -82,6 +82,10 @@ func (actor *Actor) RetrieveRemoteActor(url string, uaString string, cache *cach
 	}
 	defer resp.Body.Close()
 
+	if resp.StatusCode != 200 {
+		return errors.New(resp.Status)
+	}
+
 	data, _ := ioutil.ReadAll(resp.Body)
 	err = json.Unmarshal(data, &actor)
 	if err != nil {
diff --git a/KeyLoader/keyloader.go b/KeyLoader/keyloader.go
index 7c41f25..212b337 100644
--- a/KeyLoader/keyloader.go
+++ b/KeyLoader/keyloader.go
@@ -25,6 +25,9 @@ func ReadPrivateKeyRSAfromPath(path string) (*rsa.PrivateKey, error) {
 func ReadPublicKeyRSAfromString(pemString string) (*rsa.PublicKey, error) {
 	pemByte := []byte(pemString)
 	decoded, _ := pem.Decode(pemByte)
+	defer func() {
+		recover()
+	}()
 	keyInterface, err := x509.ParsePKIXPublicKey(decoded.Bytes)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err)
diff --git a/decode.go b/decode.go
index 7f679d1..54475db 100644
--- a/decode.go
+++ b/decode.go
@@ -33,6 +33,9 @@ func decodeActivity(request *http.Request) (*activitypub.Activity, *activitypub.
 		return nil, nil, nil, err
 	}
 	PubKey, err := keyloader.ReadPublicKeyRSAfromString(remoteActor.PublicKey.PublicKeyPem)
+	if PubKey == nil {
+		return nil, nil, nil, errors.New("Failed parse PublicKey from string")
+	}
 	if err != nil {
 		return nil, nil, nil, err
 	}