luzifer/go-openssl
1
0
Fork 0
mirror of https://github.com/Luzifer/go-openssl.git synced 2024-12-20 19:01:18 +00:00
Code Issues Releases Wiki Activity

Check blocksize before retrieving Salt Header

Browse source 
`saltHeader := data[:aes.BlockSize]` will panic if the data provided is smaller than one AES Block. Return an error instead.
This commit is contained in:
Ben Turner 2017-04-04 14:08:20 -07:00 committed by GitHub
parent 52f8120aba
commit e9e25cd005
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
openssl.go
View file

@ -37,6 +37,9 @@ func (o *OpenSSL) DecryptString(passphrase, encryptedBase64String string) ([]byt
if err != nil { if err != nil {
return nil, err return nil, err
} }
if len(data) < aes.BlockSize {
return nil, fmt.Errorf("Data is too short")
}
saltHeader := data[:aes.BlockSize] saltHeader := data[:aes.BlockSize]
if string(saltHeader[:8]) != o.openSSLSaltHeader { if string(saltHeader[:8]) != o.openSSLSaltHeader {
return nil, fmt.Errorf("Does not appear to have been encrypted with OpenSSL, salt header missing.") return nil, fmt.Errorf("Does not appear to have been encrypted with OpenSSL, salt header missing.")