keygen-sh / example-cpp-cryptographic-license-files

Example of verifying cryptographically signed and encrypted license files using C++, OpenSSL, Ed25519 and AES-256-GCM.
https://keygen.sh
MIT License
9 stars 8 forks source link

decode_license_file will segfault if the string is too short #4

Open nkallen opened 1 year ago

nkallen commented 1 year ago

https://github.com/keygen-sh/example-cpp-cryptographic-license-files/blob/30682baebd4897ac1f27350aefbc4b648aa66db5/main.cpp#L167

Should probably

    if (cert.size() < prefix.size() + suffix.size())
        return "";

to avoid segfault