From a4f631ed177acc03411ee2535481936753345ca2 Mon Sep 17 00:00:00 2001
From: Jono Wenger <jono@elixxir.io>
Date: Wed, 13 Jan 2021 22:42:19 +0000
Subject: [PATCH] Check size of provided data to Contact marshal

---
 cmd/root.go                   | 6 +++---
 interfaces/contact/contact.go | 6 ++++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/cmd/root.go b/cmd/root.go
index c2a7f3c3b..886756c47 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -251,13 +251,13 @@ func readContact() contact.Contact {
 		return contact.Contact{}
 	}
 	data, err := ioutil.ReadFile(inputFilePath)
-	jww.INFO.Printf("Size read in: %d", len(data))
+	jww.INFO.Printf("Contact file size read in: %d", len(data))
 	if err != nil {
-		jww.FATAL.Panicf("%+v", err)
+		jww.FATAL.Panicf("Failed to read contact file: %+v", err)
 	}
 	c, err := contact.Unmarshal(data)
 	if err != nil {
-		jww.FATAL.Panicf("%+v", err)
+		jww.FATAL.Panicf("Failed to unmarshal contact: %+v", err)
 	}
 	return c
 }
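Review bot: The reworded size log, `jww.INFO.Printf("Contact file size read in: %d", len(data))`, still runs before `err` is checked, so a failed read logs a size of 0 immediately before the panic. Moving that line below the `if err != nil` block would make the log report only sizes that were actually read. The start of `readContact` is outside the hunk, so how `inputFilePath` is validated before this point cannot be seen here.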
diff --git a/interfaces/contact/contact.go b/interfaces/contact/contact.go
index 242a758ab..d5ac73094 100644
--- a/interfaces/contact/contact.go
+++ b/interfaces/contact/contact.go
@@ -79,6 +79,12 @@ func (c Contact) Marshal() []byte {
 
 // Unmarshal decodes the byte slice produced by Contact.Marshal into a Contact.
 func Unmarshal(b []byte) (Contact, error) {
+	if len(b) < sizeByteLength*3+id.ArrIDLen {
+		return Contact{}, errors.Errorf("Length of provided buffer (%d) too "+
+			"short; length must be at least %d.",
+			len(b), sizeByteLength*3+id.ArrIDLen)
+	}
+
 	c := Contact{DhPubKey: &cyclic.Int{}}
 	var err error
 	buff := bytes.NewBuffer(b)
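Review bot: The new guard in `Unmarshal` only rejects buffers shorter than the fixed floor `sizeByteLength*3+id.ArrIDLen`; it does not establish that the field sizes decoded from `b` afterwards fit in the bytes that remain. The rest of the function is outside the hunk, so this is inferred, but if those decoded sizes drive reads on `buff`, note that `bytes.Buffer` methods such as `Next` return a short slice rather than an error, so a truncated or malformed contact file could decode into a partly filled Contact without any error. Each decoded size should be checked to be non-negative and no larger than `buff.Len()` before it is used. The minimum length is also computed twice; a single `minLen := sizeByteLength*3 + id.ArrIDLen` would keep the comparison and the error message in step. The diffstat lists no test file, so the short-buffer case looks uncovered.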
-- 
GitLab