From 87e1351939f4f5f03770a4bb4a261ecdbc10545f Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Tue, 10 Nov 2015 21:54:45 +0700
Subject: Add sanity check on input length

---
 crypto/src/crypto/engines/IesEngine.cs | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'crypto/src')

diff --git a/crypto/src/crypto/engines/IesEngine.cs b/crypto/src/crypto/engines/IesEngine.cs
index a2004a9d6..9139f3ffc 100644
--- a/crypto/src/crypto/engines/IesEngine.cs
+++ b/crypto/src/crypto/engines/IesEngine.cs
@@ -97,6 +97,10 @@ namespace Org.BouncyCastle.Crypto.Engines
 
             kdf.Init(kParam);
 
+            // Ensure that the length of the input is greater than the MAC in bytes
+            if (inLen <= mac.GetMacSize())
+                throw new InvalidCipherTextException("Length of input must be greater than the MAC");
+
             inLen -= mac.GetMacSize();
 
             if (cipher == null)     // stream mode
-- 
cgit 1.5.1