From b5b1ad3e9abdaada947513b5a4940e93c4aae210 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Fri, 9 Jun 2017 12:58:17 +0700
Subject: Add explicit length check on OAEP input

---
 crypto/src/crypto/encodings/OaepEncoding.cs | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'crypto/src')

diff --git a/crypto/src/crypto/encodings/OaepEncoding.cs b/crypto/src/crypto/encodings/OaepEncoding.cs
index cb23b1710..9f5c563c2 100644
--- a/crypto/src/crypto/encodings/OaepEncoding.cs
+++ b/crypto/src/crypto/encodings/OaepEncoding.cs
@@ -137,6 +137,8 @@ namespace Org.BouncyCastle.Crypto.Encodings
             int		inOff,
             int		inLen)
         {
+            Check.DataLength(inLen > GetInputBlockSize(), "input data too long");
+
             byte[] block = new byte[GetInputBlockSize() + 1 + 2 * defHash.Length];
 
             //
-- 
cgit 1.5.1