collectd.org/network: Check length of encrypted payload.

Don't assume that there are at least two bytes in ciphertext. Issue: #10
collectd · Aug 28, 2015 · d33a039 · d33a039
1 parent 4a5b07d
commit d33a039
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/network/crypto.go b/network/crypto.go
@@ -211,6 +211,9 @@ func decryptAES256(ciphertext []byte, lookup PasswordLookup) ([]byte, error) {
 	if lookup == nil {
 		return nil, errors.New("no PasswordLookup available")
 	}
+	if len(ciphertext) < 2 {
+		return nil, errors.New("buffer too short")
+	}
 
 	buf := bytes.NewBuffer(ciphertext)
 	userLen := int(binary.BigEndian.Uint16(buf.Next(2)))