Add ciphertext length check in AES decryption

3 years ago · 733311368a
parent ea137f940d
commit 733311368a
1 changed files with 6 additions and 2 deletions
--- a/core/decrypt/decrypt.go
+++ b/core/decrypt/decrypt.go
@ -17,7 +17,6 @@ import (

 var (
 	errSecurityKeyIsEmpty = errors.New("input [security find-generic-password -wa 'Chrome'] in terminal")
-	errPasswordIsEmpty    = errors.New("password is empty")
 	errDecryptFailed      = errors.New("decrypt failed, password is empty")
 	errDecodeASN1Failed   = errors.New("decode ASN1 data failed")
 )
@ -163,7 +162,12 @@ func aes128CBCDecrypt(key, iv, encryptPass []byte) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	dst := make([]byte, len(encryptPass))
+	encryptLen := len(encryptPass)
+	if encryptLen < block.BlockSize() {
+		return nil, err
+	}
+
+	dst := make([]byte, encryptLen)
 	mode := cipher.NewCBCDecrypter(block, iv)
 	mode.CryptBlocks(dst, encryptPass)
 	dst = PKCS5UnPadding(dst)