From 1069671a171b0fb1a6029534873c3e17dc6e3255 Mon Sep 17 00:00:00 2001
From: sina <sina@snix.ir>
Date: Sat, 30 Jul 2022 14:43:49 +0430
Subject: panics too large

---
 cipher.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/cipher.go b/cipher.go
index ce76755..37c96f2 100644
--- a/cipher.go
+++ b/cipher.go
@@ -11,7 +11,6 @@ import (
 const polykeylen = 0x20 // poly1305 key len: 32byte
 
 var ErrAuthMsg = errors.New("rabaead: message authentication failed")
-var erroverlap = errors.New("rabaead: invalid buffer memory overlap")
 
 type rabbitPoly1305 struct {
 	key       []byte // rabbit cipher key
@@ -46,7 +45,7 @@ func (c *rabbitPoly1305) sealRabbit(dst, nonce, plaintext, ad []byte) []byte {
 	ret, out := headtail(dst, len(plaintext)+poly1305.TagSize)
 	ciphertext, tag := out[:len(plaintext)], out[len(plaintext):]
 	if inexactOverlap(out, plaintext) {
-		panic(erroverlap) //should never happen
+		panic("rabaead: invalid buffer memory overlap") //should never happen
 	}
 
 	var polyKey [polykeylen]byte
@@ -93,7 +92,7 @@ func (c *rabbitPoly1305) openRabbit(dst, nonce, ciphertext, ad []byte) ([]byte,
 
 	ret, out := headtail(dst, len(ciphertext))
 	if inexactOverlap(out, ciphertext) {
-		panic(erroverlap) //should never happen
+		panic("rabaead: invalid buffer memory overlap") //should never happen
 	}
 
 	// check data integrity
@@ -113,16 +112,23 @@ func (c *rabbitPoly1305) openRabbit(dst, nonce, ciphertext, ad []byte) ([]byte,
 // panic occurs if nonce len is not equal to IVXLen (8byte) or zero
 // if data is not verified, ErrAuthMsg will be returned
 func (c *rabbitPoly1305) Open(dst, nonce, ciphertext, ad []byte) ([]byte, error) {
-
 	if len(ciphertext) < poly1305.TagSize {
 		return nil, ErrAuthMsg
 	}
 
+	if uint64(len(ciphertext)) > (1<<38)-48 {
+		panic("rabaead: ciphertext too large")
+	}
+
 	return c.openRabbit(dst, nonce, ciphertext, ad)
 }
 
 // Seal seals a plaintext into the rabbit aead ciphertext.
 // panic occurs if nonce len is not equal to IVXLen (8byte) or zero
 func (c *rabbitPoly1305) Seal(dst, nonce, plaintext, ad []byte) []byte {
+	if uint64(len(plaintext)) > (1<<38)-64 {
+		panic("rabaead: plaintext too large")
+	}
+
 	return c.sealRabbit(dst, nonce, plaintext, ad)
 }
-- 
cgit v1.2.3