zishuo/storm
1
0
Fork 0
mirror of https://github.com/asdine/storm.git synced 2025-09-26 19:01:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

AES: Add guard for data length to prevent panicking

Browse Source
This commit is contained in:
Paul van Santen
2020-06-15 08:51:22 +02:00
parent 6d244841d5
commit 14d135a0ee
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
codec/aes/aes.go
View File

@@ -62,6 +62,10 @@ func (c *AES) Marshal(v interface{}) ([]byte, error) {
// Unmarshal unmarshals the given encrypted byte array to the given type
func (c *AES) Unmarshal(data []byte, v interface{}) error {
nonceSize := c.aesGCM.NonceSize()
if len(data) < nonceSize {
return fmt.Errorf("not enough data for aes decryption (%d < %d)", len(data), nonceSize)
}
decrypted, err := c.aesGCM.Open(nil, data[:nonceSize], data[nonceSize:], nil)
if err != nil {
return fmt.Errorf("error decrypting data: %w", err)