From beffa95391c7264cba79c8bda1d5dcc6a0dcae01 Mon Sep 17 00:00:00 2001
From: Daisuke Maki <lestrrat+github@gmail.com>
Date: Tue, 19 Mar 2024 09:38:04 +0900
Subject: [PATCH] Use checked values when allocating buffers

These limits _were_ being checked already, but we weren't
using the actual variables (we were computing these values
again, with the same content. oops)
---
 jwe/internal/aescbc/aescbc.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/jwe/internal/aescbc/aescbc.go b/jwe/internal/aescbc/aescbc.go
index 749277b9d..057953e77 100644
--- a/jwe/internal/aescbc/aescbc.go
+++ b/jwe/internal/aescbc/aescbc.go
@@ -42,11 +42,12 @@ func pad(buf []byte, n int) []byte {
 		return buf
 	}
 
+	bufsiz := len(buf) + rem
 	mbs := atomic.LoadInt64(&maxBufSize)
-	if int64(len(buf)+rem) > mbs {
+	if int64(bufsiz) > mbs {
 		panic(fmt.Errorf("failed to allocate buffer"))
 	}
-	newbuf := make([]byte, len(buf)+rem)
+	newbuf := make([]byte, bufsiz)
 	copy(newbuf, buf)
 
 	for i := len(buf); i < len(newbuf); i++ {
@@ -203,7 +204,7 @@ func (c Hmac) Seal(dst, nonce, plaintext, data []byte) []byte {
 	if int64(bufsiz) > mbs {
 		panic(fmt.Errorf("failed to allocate buffer"))
 	}
-	ciphertext := make([]byte, ctlen+c.Overhead())[:ctlen]
+	ciphertext := make([]byte, bufsiz)[:ctlen]
 	copy(ciphertext, plaintext)
 	ciphertext = pad(ciphertext, c.blockCipher.BlockSize())