hpke: Enforces passing a slice of exact size to UnmarshalBinary for KEM keys

cloudflare / circl

CIRCL: Cloudflare Interoperable Reusable Cryptographic Library

http://blog.cloudflare.com/introducing-circl

Other

1.22k stars 136 forks source link

hpke: Enforces passing a slice of exact size to UnmarshalBinary for KEM keys #489

Open armfazh opened 3 months ago

armfazh commented 3 months ago

hpke: Allows passing a larger buffer to UnmarshalBinary for KEM keys. It checks data passed is in the right boundaries. Also adds a test showing the issue.

Fixes #488

bwesterb commented 3 months ago

Why should we accept a buffer that is too large? Wouldn't we miss certain bugs if we do?

armfazh commented 2 months ago

Agree, I have changed the code, so now, it enforces passing a slice of the exact size when unmarshaling keys. Otherwise, it returns an error instead of panic, which is the actual bug reported in #488 .