From 02d643f7822de49cb0c75b5a6b134630008f4d81 Mon Sep 17 00:00:00 2001
From: Nick Craig-Wood <nick@craig-wood.com>
Date: Wed, 9 Aug 2023 11:05:35 +0100
Subject: [PATCH] box: fix panic when decoding corrupted PEM from JWT file

See: https://forum.rclone.org/t/box-jwt-config-erroring-panic/40685/
---
 backend/box/box.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/box/box.go b/backend/box/box.go
index e932b0762..21fdcf6de 100644
--- a/backend/box/box.go
+++ b/backend/box/box.go
@@ -241,6 +241,9 @@ func getQueryParams(boxConfig *api.ConfigJSON) map[string]string {
 func getDecryptedPrivateKey(boxConfig *api.ConfigJSON) (key *rsa.PrivateKey, err error) {
 
 	block, rest := pem.Decode([]byte(boxConfig.BoxAppSettings.AppAuth.PrivateKey))
+	if block == nil {
+		return nil, errors.New("box: failed to PEM decode private key")
+	}
 	if len(rest) > 0 {
 		return nil, fmt.Errorf("box: extra data included in private key: %w", err)
 	}