Chore: additional check when decrypting values (#34637)

* Chore: additional check when decrypting values * Apply suggestions from code review
2025-08-02 16:42:26 +08:00 · 2021-05-25 18:35:54 +03:00
parent ab26c4dfa4
commit a5082ab112
2 changed files with 11 additions and 0 deletions
--- a/pkg/util/encryption.go
+++ b/pkg/util/encryption.go
@ -6,6 +6,7 @@ import (
 	"crypto/rand"
 	"crypto/sha256"
 	"errors"
+	"fmt"
 	"io"

 	"golang.org/x/crypto/pbkdf2"
@ -15,6 +16,9 @@ const saltLength = 8

 // Decrypt decrypts a payload with a given secret.
 func Decrypt(payload []byte, secret string) ([]byte, error) {
+	if len(payload) < saltLength {
+		return nil, fmt.Errorf("unable to compute salt")
+	}
 	salt := payload[:saltLength]
 	key, err := encryptionKeyToBytes(secret, string(salt))
 	if err != nil {