this repo has no description
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: prevent out-of-bounds on decode

+4 -1
+4 -1
atproto/crypto/keys.go
··· 300 300 if err != nil { 301 301 return nil, fmt.Errorf("crypto: not a multibase base58btc string") 302 302 } 303 + if len(data) < 3 { 304 + return nil, fmt.Errorf("crypto: multibase key was too short") 305 + } 303 306 if data[0] == 0x80 && data[1] == 0x24 { 304 307 // multicodec p256-pub, code 0x1200, varint-encoded bytes: [0x80, 0x24] 305 308 return ParsePublicBytes(data[2:], P256) ··· 307 310 // multicodec secp256k1-pub, code 0xE7, varint bytes: [0xE7, 0x01] 308 311 return ParsePublicBytes(data[2:], K256) 309 312 } else { 310 - return nil, fmt.Errorf("unexpected did:key multicode value") 313 + return nil, fmt.Errorf("unexpected multicode code for multibase-encoded key") 311 314 } 312 315 } 313 316