fix_crypto.diff
--- neuron-encrypt/src/crypto.rs
+++ neuron-encrypt/src/crypto.rs
@@ -226,6 +226,10 @@
plaintext: &[u8],
password: &[u8],
) -> CryptoResult<(Zeroizing<Vec<u8>>, [u8; SALT_LEN], [u8; NONCE_LEN])> {
+ if password.len() < MIN_PASSWORD_LEN {
+ return Err(CryptoError::PassphraseTooShort(MIN_PASSWORD_LEN));
+ }
+
let mut salt = [0u8; SALT_LEN];
let mut nonce_bytes = [0u8; NONCE_LEN];
OsRng.fill_bytes(&mut salt);
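Review bot: The new guard compares `password.len()`, which is a byte count, so a passphrase of multi-byte UTF-8 characters passes with fewer characters than `MIN_PASSWORD_LEN` suggests. The unit should be stated next to the check, for example `// MIN_PASSWORD_LEN is a byte length, not a character count; this is a minimum-length floor, not a strength estimate`. The same three-line guard is repeated in the second hunk, so the policy now lives in two places that can drift apart; a single shared private check called from both sites would keep them consistent. The function's signature starts above this hunk and its body continues below it.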
@@ -285,10 +289,15 @@
password: &[u8],
reporter: &dyn ProgressReporter,
) -> CryptoResult<PathBuf> {
+ if password.len() < MIN_PASSWORD_LEN {
+ return Err(CryptoError::PassphraseTooShort(MIN_PASSWORD_LEN));
+ }
+
// FIX BUG-040: Validate source is a file.
- let source_metadata = fs::metadata(src)?;
+ let mut file = fs::File::open(src)?;
+ let source_metadata = file.metadata()?;
if !source_metadata.is_file() {
return Err(CryptoError::NotAFile(src.to_path_buf()));
}
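Review bot: Opening the path before the `is_file()` test means a non-regular source is now opened before it can be rejected. On Unix, opening a FIFO for reading blocks until a writer appears, so `NotAFile` may never be returned for a named pipe, where the old `fs::metadata(src)` call did not open anything. Checking the handle's metadata closes the check-then-read race, so it is worth keeping as the authoritative test, with the path-based pre-check in front of it: `if !fs::metadata(src)?.is_file() { return Err(CryptoError::NotAFile(src.to_path_buf())); }` before `fs::File::open(src)?`. `file` also does not need `mut`, since `Read::take` in the third hunk consumes it by value. The function begins above this hunk and continues past it.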
@@ -303,7 +312,15 @@
}
reporter.report(0.10, "Reading source file…");
- let plaintext = Zeroizing::new(fs::read(src)?);
+ let mut buffer = Vec::with_capacity(source_len as usize);
+ if file.take(MAX_FILE_SIZE + 1).read_to_end(&mut buffer)? > MAX_FILE_SIZE as usize {
+ return Err(CryptoError::FileTooLarge {
+ size_gb: (MAX_FILE_SIZE + 1) as f64 / 1_000_000_000.0,
+ max_gb: MAX_FILE_SIZE as f64 / 1_000_000_000.0,
+ });
+ }
+ let plaintext = Zeroizing::new(buffer);
let mut salt = [0u8; SALT_LEN];
let mut nonce_bytes = [0u8; NONCE_LEN];
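Review bot: The plaintext sits in a plain `Vec` until after the size check, so both the `FileTooLarge` return and an I/O error from `read_to_end(...)?` drop up to `MAX_FILE_SIZE + 1` bytes of file contents without wiping them. Wrapping the buffer before the read covers every exit path: `let mut buffer = Zeroizing::new(Vec::with_capacity(source_len as usize));`, then `let plaintext = buffer;` (the `&mut buffer` argument still coerces to `&mut Vec<u8>`). If the file grows past `source_len` between the metadata call and the read, the `Vec` reallocates and the old allocation is freed unwiped; that is presumably rare but deserves a comment. `size_gb` reports `MAX_FILE_SIZE + 1` rather than the real size, so the message should say "exceeds" rather than imply a measurement. `source_len` is defined outside this hunk, so the `as usize` cast could not be checked for 32-bit targets.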