RepoMirrors/HackBrowserData
1
0
Fork 0
mirror of https://github.com/moonD4rk/HackBrowserData synced 2025-02-07 22:31:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add ciphertext length check in AES decryption

Browse Source
This commit is contained in:
Mercurio 2021-09-23 23:57:12 +01:00
parent ea137f940d
commit 733311368a
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/decrypt/decrypt.go
View File

@ -17,7 +17,6 @@ import (
var (
errSecurityKeyIsEmpty = errors.New("input [security find-generic-password -wa 'Chrome'] in terminal")
errPasswordIsEmpty = errors.New("password is empty")
errDecryptFailed = errors.New("decrypt failed, password is empty")
errDecodeASN1Failed = errors.New("decode ASN1 data failed")
)
@ -163,7 +162,12 @@ func aes128CBCDecrypt(key, iv, encryptPass []byte) ([]byte, error) {
if err != nil {
return nil, err
}
dst := make([]byte, len(encryptPass))
encryptLen := len(encryptPass)
if encryptLen < block.BlockSize() {
return nil, err
}
dst := make([]byte, encryptLen)
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(dst, encryptPass)
dst = PKCS5UnPadding(dst)