From 0cf5087852b375e0885aa4a650d270eb9779935e Mon Sep 17 00:00:00 2001 From: Darien Raymond Date: Fri, 27 Jan 2017 13:42:31 +0100 Subject: [PATCH] fix auth reader buffer overrun --- common/crypto/auth.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/common/crypto/auth.go b/common/crypto/auth.go index 54cad60c..39ca8543 100644 --- a/common/crypto/auth.go +++ b/common/crypto/auth.go @@ -15,6 +15,7 @@ var ( errInsufficientBuffer = errors.New("Insufficient buffer.") errInvalidNonce = errors.New("Invalid nonce.") + errInvalidLength = errors.New("Invalid buffer size.") ) type BytesGenerator interface { @@ -79,10 +80,14 @@ type AuthenticationReader struct { aggressive bool } +const ( + readerBufferSize = 32 * 1024 +) + func NewAuthenticationReader(auth Authenticator, reader io.Reader, aggressive bool) *AuthenticationReader { return &AuthenticationReader{ auth: auth, - buffer: buf.NewLocal(32 * 1024), + buffer: buf.NewLocal(readerBufferSize), reader: reader, aggressive: aggressive, } @@ -96,6 +101,9 @@ func (v *AuthenticationReader) NextChunk() error { if size > v.buffer.Len()-2 { return errInsufficientBuffer } + if size > readerBufferSize-2 { + return errInvalidLength + } if size == v.auth.Overhead() { return io.EOF }