forks/go-ethereum
1
0
Fork 1
mirror of https://github.com/ethereum/go-ethereum.git synced 2026-06-19 13:21:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

accounts/scwallet: fix panic in decryptAPDU #33606 (#1982)

Browse source 
Validate ciphertext length in decryptAPDU, preventing runtime panics on
invalid input.

Co-authored-by: DeFi Junkie <deffie.jnkiee@gmail.com>
This commit is contained in:
Daniel Liu 2026-01-29 13:55:27 +08:00 committed by GitHub
parent ecb0408521
commit 7fd5927081
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
accounts/scwallet/securechannel.go
View file

@ -300,6 +300,10 @@ func (s *SecureChannelSession) decryptAPDU(data []byte) ([]byte, error) {
return nil, err
}
if len(data) == 0 || len(data)%aes.BlockSize != 0 {
return nil, fmt.Errorf("invalid ciphertext length: %d", len(data))
}
ret := make([]byte, len(data))
crypter := cipher.NewCBCDecrypter(a, s.iv)