From 1cf537662a2e2c5a6e5724b3f1d18cc7f48b9891 Mon Sep 17 00:00:00 2001
From: Jason Streifling <jason@streifling.com>
Date: Mon, 3 Feb 2025 10:40:33 +0100
Subject: [PATCH] Check if data is long enough to be decrypted

---
 cmd/backend/users.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cmd/backend/users.go b/cmd/backend/users.go
index 47d76e4..c01a1cf 100644
--- a/cmd/backend/users.go
+++ b/cmd/backend/users.go
@@ -117,6 +117,9 @@ func aesDecrypt(c *Config, ciphertext string) (string, error) {
 	}
 
 	nonceSize := gcm.NonceSize()
+	if len(data) < nonceSize {
+		return "", errors.New("ciphertext too short")
+	}
 	nonce, cipherText := data[:nonceSize], data[nonceSize:]
 
 	plaintext, err := gcm.Open(nil, nonce, cipherText, nil)