diff --git a/sda-download/api/sda/sda_test.go b/sda-download/api/sda/sda_test.go
index 1aa773253..191a4545c 100644
--- a/sda-download/api/sda/sda_test.go
+++ b/sda-download/api/sda/sda_test.go
@@ -677,7 +677,8 @@ func (f *fakeGRPC) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 _, err = w.Write([]byte{0})
 assert.NoError(f.t, err, "Could not write response flag")
- err = binary.Write(w, binary.BigEndian, int32(len(response)))
+ assert.Less(f.t, len(response), int(^uint32(0)), "Response too long")
+ err = binary.Write(w, binary.BigEndian, int32(len(response))) //nolint:gosec // we're checking the length above
 assert.NoError(f.t, err, "Could not write response length")
 _, err = w.Write(response)
diff --git a/sda/cmd/reencrypt/reencrypt.go b/sda/cmd/reencrypt/reencrypt.go
index 3be4bfcd0..4513bc5f5 100644
--- a/sda/cmd/reencrypt/reencrypt.go
+++ b/sda/cmd/reencrypt/reencrypt.go
@@ -55,10 +55,15 @@ func (s *server) ReencryptHeader(_ context.Context, in *re.ReencryptRequest) (*r
 if len(dataEditList) > 0 { // linter doesn't like checking for nil before len
- // Only do this if we're passed a data edit list
+ // Check that G115: integer overflow conversion int -> uint32 is satisfied
+ if len(dataEditList) > int(^uint32(0)) {
+ return nil, status.Error(400, "data edit list too long")
+ }
+
+ // Only do this if we're passed a data edit whose length fits in a uint32
 dataEditListPacket := headers.DataEditListHeaderPacket{
 PacketType: headers.PacketType{PacketType: headers.DataEditList},
- NumberLengths: uint32(len(dataEditList)),
+ NumberLengths: uint32(len(dataEditList)), //nolint:gosec // we're checking the length above
 Lengths: dataEditList,
 }
 extraHeaderPackets = append(extraHeaderPackets, dataEditListPacket)
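Review bot: The bound in the added `assert.Less` is the uint32 maximum, but the very next line converts to `int32`, so a length between 2^31 and 2^32-1 passes the assertion and still wraps to a negative value; the `//nolint:gosec` justification therefore does not hold. Compare against the type actually used, e.g. `assert.LessOrEqual(f.t, len(response), math.MaxInt32, "Response too long")` (needs the `math` import if the file lacks it). Separately, `int(^uint32(0))` is a constant conversion that I would expect not to compile where `int` is 32 bits; the same expression is used in the reencrypt.go hunk, where `uint64(len(dataEditList)) > math.MaxUint32` would avoid it. ServeHTTP's body continues outside the hunk.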
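Review bot: `status.Error(400, ...)` in the new length guard passes an HTTP status where a gRPC `codes.Code` is expected; 400 is outside the defined code range, so callers will receive an unknown code rather than a recognisable bad-request error and cannot branch on it. `return nil, status.Error(codes.InvalidArgument, "data edit list too long")` states what is meant (the `codes` package has to be imported if it is not already). The reworded comment also lost a word and should read `// Only do this if we're passed a data edit list whose length fits in a uint32`. ReencryptHeader starts and ends outside the hunk.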