Skip to content

Commit

Permalink
Use checked values when allocating buffers
Browse files Browse the repository at this point in the history
These limits _were_ being checked already, but we weren't
using the actual variables (we were computing these values
again, with the same content. oops)
  • Loading branch information
lestrrat committed Mar 19, 2024
1 parent a0bdaf8 commit beffa95
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions jwe/internal/aescbc/aescbc.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,11 +42,12 @@ func pad(buf []byte, n int) []byte {
return buf
}

bufsiz := len(buf) + rem
mbs := atomic.LoadInt64(&maxBufSize)
if int64(len(buf)+rem) > mbs {
if int64(bufsiz) > mbs {
panic(fmt.Errorf("failed to allocate buffer"))
}
newbuf := make([]byte, len(buf)+rem)
newbuf := make([]byte, bufsiz)
copy(newbuf, buf)

for i := len(buf); i < len(newbuf); i++ {
Expand Down Expand Up @@ -203,7 +204,7 @@ func (c Hmac) Seal(dst, nonce, plaintext, data []byte) []byte {
if int64(bufsiz) > mbs {
panic(fmt.Errorf("failed to allocate buffer"))
}
ciphertext := make([]byte, ctlen+c.Overhead())[:ctlen]
ciphertext := make([]byte, bufsiz)[:ctlen]
copy(ciphertext, plaintext)
ciphertext = pad(ciphertext, c.blockCipher.BlockSize())

Expand Down

0 comments on commit beffa95

Please sign in to comment.