deblan-mirror/mautrix-go
1
0
Fork 0
mirror of https://mau.dev/mautrix/go.git synced 2026-03-14 14:25:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

crypto: add length check to hacky megolm message index parser

Browse source
This commit is contained in:
Tulir Asokan 2026-01-17 00:55:16 +02:00
commit b226c03277
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
crypto/encryptmegolm.go
View file

@ -91,11 +91,16 @@ func IsShareError(err error) bool {
}
func ParseMegolmMessageIndex(ciphertext []byte) (uint, error) {
if len(ciphertext) == 0 {
return 0, fmt.Errorf("empty ciphertext")
}
decoded := make([]byte, base64.RawStdEncoding.DecodedLen(len(ciphertext)))
var err error
_, err = base64.RawStdEncoding.Decode(decoded, ciphertext)
if err != nil {
return 0, err
} else if len(decoded) < 2+binary.MaxVarintLen64 {
return 0, fmt.Errorf("decoded ciphertext too short: %d bytes", len(decoded))
} else if decoded[0] != 3 || decoded[1] != 8 {
return 0, fmt.Errorf("unexpected initial bytes %d and %d", decoded[0], decoded[1])
}