From c50f2981880acd57f9aefbd96016ba721580b9f7 Mon Sep 17 00:00:00 2001
From: Dionna Glaze
Date: Mon, 4 Mar 2024 22:06:14 +0000
Subject: [PATCH] Add some nil checking to validate.go

Calling validate.SnpAttestation with an incomplete attesstation report will lead to nil dereferences instead of meaningful errors without this.
---
 validate/validate.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/validate/validate.go b/validate/validate.go
index 90308c0..227f6ce 100644
--- a/validate/validate.go
+++ b/validate/validate.go
@@ -612,10 +612,21 @@ func validateKeys(report *spb.Report, options *Options) error {
 }
 
 func validateKeyKind(report *spb.Attestation) (*x509.Certificate, error) {
+ if report == nil {
+ return nil, fmt.Errorf("attestation cannot be nil")
+ }
+ if report.GetReport() == nil {
+ return nil, fmt.Errorf("attestation report cannot be nil")
+ }
+ if report.GetCertificateChain() == nil {
+ return nil, fmt.Errorf("attestation certificate chain cannot be nil")
+ }
+
 info, err := abi.ParseSignerInfo(report.GetReport().GetSignerInfo())
 if err != nil {
 return nil, err
 }
+
 switch info.SigningKey {
 case abi.VcekReportSigner:
 if len(report.GetCertificateChain().VcekCert) != 0 {
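Review bot: The three new guards in validateKeyKind land without a regression test; the diffstat shows only validate/validate.go changing, so nothing pins that a nil attestation, a nil report or a nil certificate chain produces an error rather than a panic on this verification path. A small table-driven test passing `nil`, `&spb.Attestation{}` and an attestation with only `Report` set would cover all three cases. The context line `len(report.GetCertificateChain().VcekCert)` still reads the field directly and is safe only because of the guard above it; the generated getter, `report.GetCertificateChain().GetVcekCert()`, would stay nil-safe if the guard is ever moved or the switch is reused elsewhere. Since the messages carry no format verbs, `errors.New("attestation cannot be nil")` is the more idiomatic form, assuming `errors` is imported (the import block is outside the hunk). validateKeyKind's body continues past the end of the hunk, so the remaining switch arms are not covered by this note.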