From b4cbf663a77104cb834e311168cc4870c5114263 Mon Sep 17 00:00:00 2001
From: Daniel Liu <139250065@qq.com>
Date: Mon, 19 Jan 2026 14:45:03 +0800
Subject: [PATCH] accounts/keystore: fix panic in decryptPreSaleKey #33602 (#1951)

Validate ciphertext length in decryptPreSaleKey, preventing runtime panics on invalid input.

Co-authored-by: DeFi Junkie
---
 accounts/keystore/presale.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/accounts/keystore/presale.go b/accounts/keystore/presale.go
index 10eb886ae2..001748eb7e 100644
--- a/accounts/keystore/presale.go
+++ b/accounts/keystore/presale.go
@@ -81,6 +81,9 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error
 */
 passBytes := []byte(password)
 derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)
+ if len(cipherText)%aes.BlockSize != 0 {
+ return nil, errors.New("ciphertext must be a multiple of block size")
+ }
 plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)
 if err != nil {
 return nil, err
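Review bot: The new length check sits after the `pbkdf2.Key` call, so a malformed key file still costs 2000 PBKDF2 iterations before it is rejected; moving the guard above `passBytes := []byte(password)` would reject bad input before any key derivation. The guard also accepts a zero-length ciphertext, because 0 is a multiple of the block size. Whether `aesCBCDecrypt` and its unpadding step handle that case is not visible in this hunk, so consider `if len(cipherText) == 0 || len(cipherText)%aes.BlockSize != 0 {`. The diffstat shows only presale.go changed, so a regression test that feeds a truncated ciphertext and expects an error rather than a panic would pin the fix. The body of decryptPreSaleKey starts and ends outside the hunk.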