From 36a0b4136469f234769613672a18a2252201060c Mon Sep 17 00:00:00 2001
From: Jonathan Rudenberg <jonathan@titanous.com>
Date: Mon, 21 Jul 2014 23:20:44 -0700
Subject: [PATCH] Be defensive about short ciphertexts

---
 box/box.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/box/box.go b/box/box.go
index 257a926..a642934 100644
--- a/box/box.go
+++ b/box/box.go
@@ -291,6 +291,9 @@ func (n *noise255ctx) Encrypt(dst, plaintext, authtext []byte) []byte {
 var ErrAuthFailed = errors.New("box: message authentication failed")
 
 func (n *noise255ctx) Decrypt(ciphertext, authtext []byte) ([]byte, error) {
+	if len(ciphertext) < 16 {
+		return nil, ErrAuthFailed
+	}
 	digest := ciphertext[len(ciphertext)-16:]
 	ciphertext = ciphertext[:len(ciphertext)-16]
 	c, keystream := n.key()