From e439121ab2767c1ef94229c9df8cc7563ae70ec5 Mon Sep 17 00:00:00 2001 From: albertony <12441419+albertony@users.noreply.github.com> Date: Thu, 15 Aug 2024 21:10:41 +0200 Subject: [PATCH] config: fix size computation for allocation may overflow --- fs/config/obscure/obscure.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/config/obscure/obscure.go b/fs/config/obscure/obscure.go index 17aae165b..68aa9cc5f 100644 --- a/fs/config/obscure/obscure.go +++ b/fs/config/obscure/obscure.go @@ -10,6 +10,7 @@ import ( "fmt" "io" "log" + "math" ) // crypt internals @@ -47,6 +48,9 @@ func crypt(out, in, iv []byte) error { // This is done by encrypting with AES-CTR func Obscure(x string) (string, error) { plaintext := []byte(x) + if math.MaxInt32-aes.BlockSize < len(plaintext) { + return "", fmt.Errorf("value too large") + } ciphertext := make([]byte, aes.BlockSize+len(plaintext)) iv := ciphertext[:aes.BlockSize] if _, err := io.ReadFull(cryptRand, iv); err != nil {