From fd0ca979dc23e478aa40e9a321596d648b542ede Mon Sep 17 00:00:00 2001
From: Dan Cline <6798349+Rjected@users.noreply.github.com>
Date: Tue, 12 Mar 2024 11:59:58 -0400
Subject: [PATCH] fix: check that data is large enough to fit header and mac

---
 crates/net/ecies/src/algorithm.rs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/crates/net/ecies/src/algorithm.rs b/crates/net/ecies/src/algorithm.rs
index cfdf652ad3fc..b7e5effe5ccd 100644
--- a/crates/net/ecies/src/algorithm.rs
+++ b/crates/net/ecies/src/algorithm.rs
@@ -637,6 +637,13 @@ impl ECIES {
 }
 
 pub fn read_header(&mut self, data: &mut [u8]) -> Result {
+ // If the data is not large enough to fit the header and mac bytes, return an error
+ //
+ // The header is 16 bytes, and the mac is 16 bytes, so the data must be at least 32 bytes
+ if data.len() < 32 {
+ return Err(ECIESErrorImpl::InvalidHeader.into())
+ }
+
 let (header_bytes, mac_bytes) = split_at_mut(data, 16)?;
 let header = HeaderBytes::from_mut_slice(header_bytes);
 let mac = B128::from_slice(&mac_bytes[..16]);
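Review bot: The new guard in `read_header` hard-codes `32`, while the lines right after it separately hard-code `16` in `split_at_mut(data, 16)` and in `&mac_bytes[..16]`, so three literals must be kept in agreement by hand and a later size change could bring back the out-of-range slice panic on short input. Deriving the bound from named sizes (names here are illustrative), e.g. `const HEADER_LEN: usize = 16; const MAC_LEN: usize = 16;` with `if data.len() < HEADER_LEN + MAC_LEN {`, and reusing them in the split and the slice, keeps the check tied to what it protects. The diffstat shows only `algorithm.rs` changed, so a regression test that passes a 31-byte buffer and asserts an `Err` rather than a panic would pin the fix, which matters because this buffer presumably carries peer-supplied bytes. The body of `read_header` continues past the end of the hunk, so any later indexing into `data` is not covered by this review.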