accounts/keystore: fix panic in decryptPreSaleKey #33602 (#1951)

Validate ciphertext length in decryptPreSaleKey, preventing runtime panics on invalid input. Co-authored-by: DeFi Junkie <deffie.jnkiee@gmail.com>
2026-06-19 21:31:37 +00:00 · 2026-01-19 14:45:03 +08:00 · 2026-01-19 14:45:03 +08:00 · b4cbf663a7
commit b4cbf663a7
parent 0d76b69517
1 changed files with 3 additions and 0 deletions
--- a/accounts/keystore/presale.go
+++ b/accounts/keystore/presale.go
@ -81,6 +81,9 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error
 	*/
 	passBytes := []byte(password)
 	derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)
+	if len(cipherText)%aes.BlockSize != 0 {
+		return nil, errors.New("ciphertext must be a multiple of block size")
+	}
 	plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)
 	if err != nil {
 		return nil, err