From c3a01f1f0612ee3b2f1aa58b099eaf61284c9849 Mon Sep 17 00:00:00 2001
From: michelia <michelia@seal.io>
Date: Tue, 15 Aug 2023 13:42:36 +0800
Subject: [PATCH] fix: invalid token cause crash

---
 staging/utils/cryptox/encryptor_aesgcm.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/staging/utils/cryptox/encryptor_aesgcm.go b/staging/utils/cryptox/encryptor_aesgcm.go
index a3953abf3..ee3bfc2c8 100644
--- a/staging/utils/cryptox/encryptor_aesgcm.go
+++ b/staging/utils/cryptox/encryptor_aesgcm.go
@@ -4,6 +4,7 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"fmt"
 	"io"
 )
 
@@ -50,6 +51,11 @@ func (e aesGcmEncryptor) Decrypt(c, a []byte) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	if len(c) < g.NonceSize() {
+		return nil, fmt.Errorf("too short")
+	}
+
 	n := c[:g.NonceSize()]
 	c = c[g.NonceSize():]