golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

crypto/cipher: no padding in cbc causes slice bounds out of range panic #4699

Closed gopherbot closed 9 years ago

gopherbot commented 11 years ago

by xuxinhua1984:

When creating a CBC encrypter/decrypter (CryptBlocks), it doesn't check "The length
of src must be a multiple of the block size" (for example, I was expecting it to
use "default" padding of all zeros in that case, or if some character sequence
delivered by others does not satisfy this, it will panic; see
http://play.golang.org/p/3P1BzW76BC ). Post Go 1 it would likely be better to:

- CryptBlocks returns an error, but this will change the signature of CryptBlocks
- panic if the length of src is not a multiple of the block size, so it is clear where
the actual error is

PS: According to cipher.BlockMode:

    // CryptBlocks encrypts or decrypts a number of blocks. The length of
    // src must be a multiple of the block size. Dst and src may point to
    // the same memory.
    CryptBlocks(dst, src []byte)

rsc commented 11 years ago

Comment 1:

Labels changed: added priority-later, removed priority-triage.

Owner changed to @rsc.

Status changed to Started.

rsc commented 11 years ago

Comment 2:

This issue was closed by revision fa2acad60379f59712cc15ea1c4192b982e69a3.

Status changed to Fixed.
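A caller-side guard for the case reported in this issue, as an added example (not code from the Go project or from the reporter): input is padded before encryption, and ciphertext received from a peer is length-checked before it reaches CryptBlocks, so a partial block yields an error instead of a panic. The names `EncryptCBC`, `DecryptCBC` and `ErrInput` are hypothetical, and PKCS#7 padding is this example's choice rather than the zero padding mentioned in the report.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// ErrInput is a hypothetical sentinel covering every rejected input.
var ErrInput = errors.New("cbc: bad key/IV size, partial block, or invalid padding")

// EncryptCBC pads with PKCS#7 so CryptBlocks only ever sees whole blocks.
func EncryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(iv) != aes.BlockSize {
		return nil, ErrInput
	}
	n := aes.BlockSize - len(plaintext)%aes.BlockSize // always 1..16
	buf := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
	return buf, nil
}

// DecryptCBC validates externally supplied ciphertext before CryptBlocks.
// Assumption: ct was authenticated (e.g. with an HMAC) before this call;
// CBC alone is malleable and padding errors must not be exposed to a peer.
func DecryptCBC(key, iv, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, ErrInput
	}
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ct)
	n := int(out[len(out)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(out[len(out)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, ErrInput
	}
	return out[:len(out)-n], nil
}

func main() {
	key, iv := make([]byte, 16), make([]byte, 16) // constructed all-zero key and IV, demo only
	ct, _ := EncryptCBC(key, iv, []byte("13 bytes long"))
	_, err := DecryptCBC(key, iv, ct[:len(ct)-3]) // constructed truncated message
	fmt.Println(len(ct), err)
}
```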