From 310bfa40f1e490c722a9c86d8ede143d3d506be5 Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Wed, 1 Feb 2023 15:55:51 +0000 Subject: [PATCH] cryptobyte: reject negative Unwrite argument Fixes golang/go#57112 Change-Id: I7a533046a6451d7ae3704eb81e6ddeec8442cf06 GitHub-Last-Rev: 3b088d95a2feca197cc4ebd1d9d34cb28008349f GitHub-Pull-Request: golang/crypto#249 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/464338 TryBot-Result: Gopher Robot Auto-Submit: Roland Shoemaker Reviewed-by: Emmanuel Odeke Reviewed-by: Roland Shoemaker Run-TryBot: Roland Shoemaker Reviewed-by: Bryan Mills --- cryptobyte/builder.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/cryptobyte/builder.go b/cryptobyte/builder.go index 2a90c592d7..c05ac7d16d 100644 --- a/cryptobyte/builder.go +++ b/cryptobyte/builder.go @@ -303,9 +303,9 @@ func (b *Builder) add(bytes ...byte) { b.result = append(b.result, bytes...) } -// Unwrite rolls back n bytes written directly to the Builder. An attempt by a -// child builder passed to a continuation to unwrite bytes from its parent will -// panic. +// Unwrite rolls back non-negative n bytes written directly to the Builder. +// An attempt by a child builder passed to a continuation to unwrite bytes +// from its parent will panic. func (b *Builder) Unwrite(n int) { if b.err != nil { return @@ -317,6 +317,9 @@ func (b *Builder) Unwrite(n int) { if length < 0 { panic("cryptobyte: internal error") } + if n < 0 { + panic("cryptobyte: attempted to unwrite negative number of bytes") + } if n > length { panic("cryptobyte: attempted to unwrite more than was written") }