accounts/keystore: fix panic in decryptPreSaleKey (#33602)

Validate ciphertext length in decryptPreSaleKey, preventing runtime
panics on invalid input.
This commit is contained in:
DeFi Junkie 2026-01-14 13:51:48 +03:00 committed by GitHub
parent 3b17e78274
commit 94710f79a2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -81,6 +81,9 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error
*/
passBytes := []byte(password)
derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)
if len(cipherText)%aes.BlockSize != 0 {
return nil, errors.New("ciphertext must be a multiple of block size")
}
plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)
if err != nil {
return nil, err