From 14d135a0eeb2fe4fc2c34f16474d87f62fbd2413 Mon Sep 17 00:00:00 2001
From: Paul van Santen
Date: Mon, 15 Jun 2020 08:51:22 +0200
Subject: [PATCH] AES: Add guard for data length to prevent panicking
---
 codec/aes/aes.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/codec/aes/aes.go b/codec/aes/aes.go
index fe95d42..f66348a 100644
--- a/codec/aes/aes.go
+++ b/codec/aes/aes.go
@@ -62,6 +62,10 @@ func (c *AES) Marshal(v interface{}) ([]byte, error) {
 // Unmarshal unmarshals the given encrypted byte array to the given type
 func (c *AES) Unmarshal(data []byte, v interface{}) error {
 nonceSize := c.aesGCM.NonceSize()
+ if len(data) < nonceSize {
+ return fmt.Errorf("not enough data for aes decryption (%d < %d)", len(data), nonceSize)
+ }
+
 decrypted, err := c.aesGCM.Open(nil, data[:nonceSize], data[nonceSize:], nil)
 if err != nil {
 return fmt.Errorf("error decrypting data: %w", err)
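Review bot: The new length check in Unmarshal bounds only the nonce, so input that holds a full nonce but less than a full authentication tag still reaches `Open` and surfaces as the generic "error decrypting data" instead of this clearer message. As far as the standard library's GCM behaves, that path returns an error rather than panicking, so the guard does stop the crash. If `c.aesGCM` is a `cipher.AEAD` (its type is not visible in the hunk), the condition could be `if len(data) < nonceSize+c.aesGCM.Overhead() {` to reject every structurally truncated input up front. The diffstat shows only aes.go changed, so a regression test that passes nil, empty and nonce-minus-one-byte input to Unmarshal would keep the panic from coming back. Unmarshal's body continues past the end of the hunk.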