From 67674a49a3998d633b0139b759f3e7082d27fa2b Mon Sep 17 00:00:00 2001
From: Klaus Kiefer
Date: Mon, 25 Nov 2024 14:30:25 +0100
Subject: [PATCH] PKI: improve error message when parsing PEM bundles (#760)
* PKI: improve error message when parsing PEM bundles
Add block counter and add the block number to the error message
Signed-off-by: Klaus Kiefer
* Update builtin/logical/pki/path_manage_issuers.go
Signed-off-by: Alexander Scheel
---------
Signed-off-by: Klaus Kiefer
Signed-off-by: Alexander Scheel
Co-authored-by: Alexander Scheel
---
 builtin/logical/pki/path_manage_issuers.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/builtin/logical/pki/path_manage_issuers.go b/builtin/logical/pki/path_manage_issuers.go
index c4de4a1462..4311875a24 100644
--- a/builtin/logical/pki/path_manage_issuers.go
+++ b/builtin/logical/pki/path_manage_issuers.go
@@ -350,10 +350,13 @@ func (b *backend) pathImportIssuers(ctx context.Context, req *logical.Request, d
 // them to validate no duplicate issuers exist (and place greater
 // restrictions during parsing) but allows this code to accept OpenSSL
 // parsed chains (with full textual output between PEM entries).
+ blockCounter := 0
 for len(bytes.TrimSpace(pemBytes)) > 0 {
+ blockCounter++
 pemBlock, pemBytes = pem.Decode(pemBytes)
 if pemBlock == nil {
- return logical.ErrorResponse("provided PEM block contained no data"), nil
+ msg := fmt.Sprintf("error when parsing block %d: invalid PEM data", blockCounter)
+ return logical.ErrorResponse(msg), nil
 }
 
 pemBlockString := string(pem.EncodeToMemory(pemBlock))
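Review bot: The new `blockCounter` has no comment saying what its number means, and the value can mislead, because `pem.Decode` skips any non-PEM text before a block. A failure at N therefore means "no valid PEM block follows block N-1", so trailing text after the last good block is reported as block N+1 rather than as a position in the input. I would add above the declaration `// blockCounter is the 1-based ordinal of the PEM block being decoded; interleaved text is skipped by pem.Decode and not counted.` Reporting only the ordinal, and never echoing `pemBytes`, is the right choice for an import path whose bundles may carry key material; it is worth saying so in the same comment so a later edit does not add the offending bytes to the response. The body of `pathImportIssuers` starts and continues outside this hunk, so how later per-block errors are reported is not visible here.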