crypt: check for maximum length before decrypting filename

The EME Transform() method will panic if the input data is larger than 2048 bytes. Fixes #2826
2025-08-15 16:22:47 +02:00 · 2018-12-18 20:35:41 +00:00
parent c1dd76788d
commit 9cb3a68c38
2 changed files with 9 additions and 0 deletions
--- a/backend/crypt/cipher_test.go
+++ b/backend/crypt/cipher_test.go
@ -194,6 +194,10 @@ func TestEncryptSegment(t *testing.T) {

 func TestDecryptSegment(t *testing.T) {
 	// We've tested the forwards above, now concentrate on the errors
+	longName := make([]byte, 3328)
+	for i := range longName {
+		longName[i] = 'a'
+	}
 	c, _ := newCipher(NameEncryptionStandard, "", "", true)
 	for _, test := range []struct {
 		in          string
@ -201,6 +205,7 @@ func TestDecryptSegment(t *testing.T) {
 	}{
 		{"64=", ErrorBadBase32Encoding},
 		{"!", base32.CorruptInputError(0)},
+		{string(longName), ErrorTooLongAfterDecode},
 		{encodeFileName([]byte("a")), ErrorNotAMultipleOfBlocksize},
 		{encodeFileName([]byte("123456789abcdef")), ErrorNotAMultipleOfBlocksize},
 		{encodeFileName([]byte("123456789abcdef0")), pkcs7.ErrorPaddingTooLong},