From 6c7a8c412a22446f660a62d0ccd8fa66fa775c74 Mon Sep 17 00:00:00 2001
From: Andrew M <andrew.p.martinez@gmail.com>
Date: Thu, 4 Jun 2020 15:44:23 -0400
Subject: [PATCH] nil check on PEM decode

---
 identity/certtools/certificates.go | 8 +++++++-
 storage/boltz/typed_bucket.go      | 1 +
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/identity/certtools/certificates.go b/identity/certtools/certificates.go
index a02afcac..e5eecafb 100644
--- a/identity/certtools/certificates.go
+++ b/identity/certtools/certificates.go
@@ -19,15 +19,21 @@ package certtools
 import (
 	"crypto/x509"
 	"encoding/pem"
+	"errors"
 	"fmt"
 	"io/ioutil"
 )
 
 func LoadCert(pemBytes []byte) ([]*x509.Certificate, error) {
-	certs := make ([]*x509.Certificate, 0)
+	certs := make([]*x509.Certificate, 0)
 	var keyBlock *pem.Block
 	for len(pemBytes) > 0 {
 		keyBlock, pemBytes = pem.Decode(pemBytes)
+
+		if keyBlock == nil {
+			return nil, errors.New("could not parse")
+		}
+
 		switch keyBlock.Type {
 		case "CERTIFICATE":
 			if c, err := x509.ParseCertificate(keyBlock.Bytes); err == nil {
diff --git a/storage/boltz/typed_bucket.go b/storage/boltz/typed_bucket.go
index d2ce0536..c3ec2ca3 100644
--- a/storage/boltz/typed_bucket.go
+++ b/storage/boltz/typed_bucket.go
@@ -709,6 +709,7 @@ func (bucket *TypedBucket) setMarshaled(name string, value interface{}) *TypedBu
 		bucket.SetNil(name)
 		return bucket
 	}
+
 	switch val := value.(type) {
 	case string:
 		bucket.SetString(name, val, nil)