Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

hpke: slice bounds out of range in shortKEM.UnmarshalBinaryPrivateKey #488

Open
emersion opened this issue Mar 13, 2024 · 3 comments · May be fixed by #489
Open

hpke: slice bounds out of range in shortKEM.UnmarshalBinaryPrivateKey #488

emersion opened this issue Mar 13, 2024 · 3 comments · May be fixed by #489
Assignees
Labels
bug Something isn't working

Comments

@emersion
Copy link

When passing a byte slice of size > 66 bytes to shortKEM.UnmarshalBinaryPrivateKey when using the DHKEM(P-521, HKDF-SHA512) KEM, the following panic is triggered:

panic: runtime error: slice bounds out of range [-1:]

goroutine 3014 [running]:
panic({0x78c980?, 0xc00050a090?})
	/usr/lib/go/src/runtime/panic.go:770 +0x132
github.com/cloudflare/circl/hpke.shortKEM.UnmarshalBinaryPrivateKey({{{0x12, {0x7aa461, 0x19}, 0x7}, {0x820178, 0xc000016240}}, {0x81fe98, 0x9ad8e0}}, {0xc0002800a0, 0x43, ...})
	/home/simon/src/circl/hpke/shortkem.go:87 +0x35b
@armfazh armfazh added the bug Something isn't working label Mar 13, 2024
@armfazh armfazh self-assigned this Mar 13, 2024
armfazh added a commit to armfazh/circl that referenced this issue Mar 14, 2024
armfazh added a commit to armfazh/circl that referenced this issue Apr 26, 2024
armfazh added a commit to armfazh/circl that referenced this issue Apr 26, 2024
@armfazh
Copy link
Contributor

armfazh commented Apr 26, 2024

This is a bug, the code shouldn't panic, but instead it should return an error.
in #489 , code enforces to pass slices of the exact size for unmarshaling keys.

@bwesterb
Copy link
Member

Not sure whether it's a bug to panic when the caller breaks the function contract. Not opposed to returning an error instead though.

@emersion
Copy link
Author

I don't see where this function contract is defined? Nothing in https://pkg.go.dev/github.com/cloudflare/[email protected]/kem#Scheme

IMHO, panic'ing would be OK if it was documented and if it used an explicit check with a proper error message (instead of an out of bounds error).

However, please note that other functions with documented panics don't return an error (so don't really have a choice). UnmarshalBinaryPrivateKey does return an error. Moreover, "Unmarshal" is a kind of parsing step, and parsing deals with user-provided input. Panic'ing on bad user-provided input (such as fed from a network protocol) isn't super nice.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants