diff options
| author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2019-07-24 14:27:00 -0400 |
|---|---|---|
| committer | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2019-07-24 14:27:00 -0400 |
| commit | 260a0ced5d3754f375fee6e220855e722c4b72b8 (patch) | |
| tree | d683fd51d63973a3e6c74faca0a295d1f84912fb /src/mongo/shell/kms_local.cpp | |
| parent | baaa7c25fadcbe4f544a885be4734a0d50ad20d2 (diff) | |
| download | mongo-260a0ced5d3754f375fee6e220855e722c4b72b8.tar.gz | |
SERVER-42318 Tighten bounds on AEAD Decrypt output length
Diffstat (limited to 'src/mongo/shell/kms_local.cpp')
| -rw-r--r-- | src/mongo/shell/kms_local.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/mongo/shell/kms_local.cpp b/src/mongo/shell/kms_local.cpp index e7a090211b3..628ea9ed9c2 100644 --- a/src/mongo/shell/kms_local.cpp +++ b/src/mongo/shell/kms_local.cpp @@ -93,7 +93,8 @@ BSONObj LocalKMSService::encryptDataKey(ConstDataRange cdr, StringData keyId) { } SecureVector<uint8_t> LocalKMSService::decrypt(ConstDataRange cdr, BSONObj masterKey) { - SecureVector<uint8_t> plaintext(cdr.length()); + SecureVector<uint8_t> plaintext( + uassertStatusOK(crypto::aeadGetMaximumPlainTextLength(cdr.length()))); size_t outLen = plaintext->size(); uassertStatusOK(crypto::aeadDecrypt(_key, |