From d9ecbc851f53441d3ea312d62e2cc0d075ca7456 Mon Sep 17 00:00:00 2001
From: Vladimir Diaz
Date: Thu, 28 Jan 2016 14:03:49 -0500
Subject: [PATCH] Do not store private key material in exception messages
---
 tuf/keys.py | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/tuf/keys.py b/tuf/keys.py
index 9d341032..abe10dad 100755
--- a/tuf/keys.py
+++ b/tuf/keys.py
@@ -1135,16 +1135,28 @@ def extract_pem(pem, private_pem=False):
 header_start = pem.index(pem_header)
 except ValueError:
- raise tuf.FormatError('Required PEM header ' + repr(pem_header) + '\n not'
- ' found in PEM string: ' + repr(pem))
+ # Be careful not to print private key material in exception message.
+ if not private_pem:
+ raise tuf.FormatError('Required PEM header ' + repr(pem_header) + '\n not'
+ ' found in PEM string: ' + repr(pem))
+
+ else:
+ raise tuf.FormatError('Required PEM header ' + repr(pem_header) + '\n not'
+ ' found in private PEM string.')
 try:
 # Search for 'pem_footer' after the PEM header.
 footer_start = pem.index(pem_footer, header_start + len(pem_header))
 except ValueError:
- raise tuf.FormatError('Required PEM footer ' + repr(pem_footer) + '\n not'
- ' found in PEM string ' + repr(pem))
+ # Be careful not to print private key material in exception message.
+ if not private_pem:
+ raise tuf.FormatError('Required PEM footer ' + repr(pem_footer) + '\n not'
+ ' found in PEM string ' + repr(pem))
+
+ else:
+ raise tuf.FormatError('Required PEM footer ' + repr(pem_footer) + '\n not'
+ ' found in private PEM string.')
 # Extract only the public portion of 'pem'. Leading or trailing whitespace
 # is excluded.
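Review bot: The redaction in both `except ValueError` branches depends entirely on the caller having passed `private_pem=True`, and the signature in the hunk header shows it defaults to `False`, so a private-key PEM handed to `extract_pem` without the flag would still land in the `FormatError` text via `repr(pem)` when the header lookup fails (how `pem_header` is chosen is outside the hunk, so this is inferred). Exception messages routinely end up in logs and tracebacks, so the safer form is never to embed the input: replace each if/else with a single `raise tuf.FormatError('Required PEM header ' + repr(pem_header) + '\n not found in PEM string.')` (and the same with `pem_footer`), which also removes the duplicated branches. If echoing a public PEM is wanted for debugging, the comment should at least say that `private_pem` is the only thing keeping key material out of the message. `extract_pem` begins and ends outside this hunk.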