From 733311368ad0f868870006b36e9c1750367644d9 Mon Sep 17 00:00:00 2001
From: Mercurio <10175101282@stu.ecnu.edu.cn>
Date: Thu, 23 Sep 2021 23:57:12 +0100
Subject: [PATCH 1/2] Add ciphertext length check in AES decryption
---
 core/decrypt/decrypt.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/core/decrypt/decrypt.go b/core/decrypt/decrypt.go
index 10c5987..225f144 100644
--- a/core/decrypt/decrypt.go
+++ b/core/decrypt/decrypt.go
@@ -17,7 +17,6 @@ import (
 
 var (
 errSecurityKeyIsEmpty = errors.New("input [security find-generic-password -wa 'Chrome'] in terminal")
- errPasswordIsEmpty = errors.New("password is empty")
 errDecryptFailed = errors.New("decrypt failed, password is empty")
 errDecodeASN1Failed = errors.New("decode ASN1 data failed")
 )
@@ -163,7 +162,12 @@ func aes128CBCDecrypt(key, iv, encryptPass []byte) ([]byte, error) {
 if err != nil {
 return nil, err
 }
- dst := make([]byte, len(encryptPass))
+ encryptLen := len(encryptPass)
+ if encryptLen < block.BlockSize() {
+ return nil, err
+ }
+
+ dst := make([]byte, encryptLen)
 mode := cipher.NewCBCDecrypter(block, iv)
 mode.CryptBlocks(dst, encryptPass)
 dst = PKCS5UnPadding(dst)
From 265b93e288540ee0ffcc9cde08fd572d65abb1fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E1=B4=8D=E1=B4=8F=E1=B4=8F=C9=B4D4=CA=80=E1=B4=8B?=
Date: Fri, 24 Sep 2021 19:44:12 +0800
Subject: [PATCH 2/2] style: add error text
---
 core/decrypt/decrypt.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/decrypt/decrypt.go b/core/decrypt/decrypt.go
index 225f144..fc5883b 100644
--- a/core/decrypt/decrypt.go
+++ b/core/decrypt/decrypt.go
@@ -19,6 +19,7 @@ var (
 errSecurityKeyIsEmpty = errors.New("input [security find-generic-password -wa 'Chrome'] in terminal")
 errDecryptFailed = errors.New("decrypt failed, password is empty")
 errDecodeASN1Failed = errors.New("decode ASN1 data failed")
+ errEncryptedLength = errors.New("length of encrypted password less than block size")
 )
 
 type ASN1PBE interface {
@@ -164,7 +165,7 @@ func aes128CBCDecrypt(key, iv, encryptPass []byte) ([]byte, error) {
 }
 encryptLen := len(encryptPass)
 if encryptLen < block.BlockSize() {
- return nil, err
+ return nil, errEncryptedLength
 }
 
 dst := make([]byte, encryptLen)
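Review bot: The guard `if encryptLen < block.BlockSize()` in aes128CBCDecrypt rejects only inputs shorter than one block, so a ciphertext whose length is not a whole number of blocks still reaches `mode.CryptBlocks`, which panics on a partial block instead of returning an error. A truncated or corrupt input would then crash the caller, so the condition should cover that case as well: `if encryptLen < block.BlockSize() || encryptLen%block.BlockSize() != 0 {`, with the errEncryptedLength text widened to match. `cipher.NewCBCDecrypter` also panics when `len(iv)` differs from the block size, so an IV length check belongs beside this one. Both calls sit below this hunk (they are visible in the second hunk of patch 1/2). PKCS5UnPadding is not shown on this page, so whether it validates the padding byte before slicing should be confirmed separately.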