Test for overflow of the capacity value (#9317)

Scott Miller 2020-06-25 11:22:13 -05:00 committed by GitHub
parent e8ba04f021
commit 57c6ae4233
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions


@ -24,6 +24,10 @@ var (
// ErrBarrierInvalidKey is returned if the Unseal key is invalid
ErrBarrierInvalidKey = errors.New("Unseal failed, invalid key")
// ErrPlaintextTooLarge is returned if a plaintext is offered for encryption
// that is too large to encrypt in memory
ErrPlaintextTooLarge = errors.New("plaintext value too large")
)
const (


@ -910,6 +910,9 @@ func (b *AESGCMBarrier) encrypt(path string, term uint32, gcm cipher.AEAD, plain
// Allocate the output buffer with room for tern, version byte,
// nonce, GCM tag and the plaintext
capacity := termSize + 1 + gcm.NonceSize() + gcm.Overhead() + len(plain)
if capacity < 0 {
return nil, ErrPlaintextTooLarge
}
size := termSize + 1 + gcm.NonceSize()
out := make([]byte, size, capacity)
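Review bot: The `capacity < 0` guard only detects the overflow after the addition has already wrapped. That is correct here, because Go defines signed integer overflow as wrapping and the fixed terms are small, but the reasoning is not written down. I would add a comment above the check such as `// a len(plain) close to the int maximum wraps the sum negative; make() would panic on a negative capacity`. The guard also does not cover a plaintext that fits in an int but is larger than the AEAD accepts. If the sealing call further down in encrypt (outside this hunk) panics on oversized input, as Go's GCM implementation does, that case would still crash instead of returning ErrPlaintextTooLarge, so an explicit upper bound on `len(plain)` may be worth adding.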