From 94710f79a21fb64299555a545113545677e5dfbe Mon Sep 17 00:00:00 2001
From: DeFi Junkie <deffie.jnkiee@gmail.com>
Date: Wed, 14 Jan 2026 13:51:48 +0300
Subject: [PATCH] accounts/keystore: fix panic in decryptPreSaleKey (#33602)

Validate ciphertext length in decryptPreSaleKey, preventing runtime
panics on invalid input.
---
 accounts/keystore/presale.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/accounts/keystore/presale.go b/accounts/keystore/presale.go
index 0664dc2cdd..6311e8d90a 100644
--- a/accounts/keystore/presale.go
+++ b/accounts/keystore/presale.go
@@ -81,6 +81,9 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error
 	*/
 	passBytes := []byte(password)
 	derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)
+	if len(cipherText)%aes.BlockSize != 0 {
+		return nil, errors.New("ciphertext must be a multiple of block size")
+	}
 	plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)
 	if err != nil {
 		return nil, err