mirror/PrivateCaptcha
1
0
Fork 0
mirror of https://github.com/PrivateCaptcha/PrivateCaptcha.git synced 2026-04-27 16:30:30 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add out of bounds check for reading license activation

Browse Source 
found by Almanax and Corgea
This commit is contained in:
Taras Kushnir
2025-10-04 12:29:28 +03:00
parent 0b26d10015
commit 9a464a088f
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/license/license.go
+10 -2
View File
@@ -118,8 +118,12 @@ func (lm *LicenseMessage) UnmarshalBinary(data []byte) error {
}
offset += 4
userIDEnd := offset + int(userIDLen)
if userIDEnd >= len(data) {
return io.ErrShortBuffer
}
userIDBytes := make([]byte, userIDLen)
copy(userIDBytes[:], data[offset:offset+int(userIDLen)])
copy(userIDBytes[:], data[offset:userIDEnd])
offset += int(userIDLen)
lm.UserID = string(userIDBytes)
@@ -132,8 +136,12 @@ func (lm *LicenseMessage) UnmarshalBinary(data []byte) error {
}
offset += 4
productIDEnd := offset + int(productIDLen)
if productIDEnd >= len(data) {
return io.ErrShortBuffer
}
productIDBytes := make([]byte, productIDLen)
copy(productIDBytes[:], data[offset:offset+int(productIDLen)])
copy(productIDBytes[:], data[offset:productIDEnd])
offset += int(productIDLen)
lm.ProductID = string(productIDBytes)