projects / rup.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Check the size of the message before decrypting it.
[rup.git] / src / crypto.rs
diff --git a/src/crypto.rs b/src/crypto.rs
index ddf257c..caf34f7 100644 (file)
--- a/src/crypto.rs
+++ b/src/crypto.rs
@@ -19,6 +19,7 @@ pub enum EncryptError {
 pub enum DecryptError {\r
     KeyError(KeyError),\r
     WrongMessageVersion,\r
+    MessageToShort,\r
     UnableToDecodeBase64Message,\r
     UnableToDecrypt,\r
     UnableToDecodeMessageAsUTF8String,\r
@@ -68,6 +69,8 @@ pub fn decrypt(key: &str, cipher_text: &str) -> Result<String, DecryptError> {
         base64::decode(&cipher_text.as_bytes()[consts::CURRENT_MESSAGE_VERSION.as_bytes().len()..])\r
             .map_err(|_e| DecryptError::UnableToDecodeBase64Message)?;\r
 \r
+    if cipher_text_bytes.len() <= 48 { return Err(DecryptError::MessageToShort) }\r
+\r
     let iv = &cipher_text_bytes[0..16];\r
     let hash = &cipher_text_bytes[16..48];\r
     let encrypted_message = &cipher_text_bytes[48..];\r
Unnamed repository; edit this file 'description' to name the repository.