mirror of
https://github.com/ethereum/go-ethereum.git
synced 2026-07-18 02:40:45 +00:00
Validate ciphertext length in decryptPreSaleKey, preventing runtime panics on invalid input. Co-authored-by: DeFi Junkie <deffie.jnkiee@gmail.com>
This commit is contained in:
parent
0d76b69517
commit
b4cbf663a7
1 changed files with 3 additions and 0 deletions
|
|
@ -81,6 +81,9 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error
|
||||||
*/
|
*/
|
||||||
passBytes := []byte(password)
|
passBytes := []byte(password)
|
||||||
derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)
|
derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)
|
||||||
|
if len(cipherText)%aes.BlockSize != 0 {
|
||||||
|
return nil, errors.New("ciphertext must be a multiple of block size")
|
||||||
|
}
|
||||||
plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)
|
plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue