From e685af924d4537dcadb2a327c87d77594afab7f3 Mon Sep 17 00:00:00 2001
From: Anton Nashatyrev <anton.nashatyrev@gmail.com>
Date: Tue, 20 Oct 2020 14:44:50 +0300
Subject: [PATCH] Fix boundary checks

---
 .../noise/protocol/AESGCMFallbackCipherState.java             | 4 ++--
 .../southernstorm/noise/protocol/AESGCMOnCtrCipherState.java  | 4 ++--
 .../southernstorm/noise/protocol/ChaChaPolyCipherState.java   | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java b/src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java
index 22ccb17..6beeb48 100644
--- a/src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java
+++ b/src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java
@@ -187,7 +187,7 @@ class AESGCMFallbackCipherState implements CipherState {
 		int space;
 		if (ciphertextOffset < 0 || ciphertextOffset > ciphertext.length)
 			throw new IllegalArgumentException();
-		if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > plaintext.length || (plaintext.length - plaintextOffset) < length)
+		if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > ciphertext.length || (ciphertext.length - ciphertextOffset) < length)
 			throw new IllegalArgumentException();
 		space = ciphertext.length - ciphertextOffset;
 		if (!haskey) {
@@ -221,7 +221,7 @@ class AESGCMFallbackCipherState implements CipherState {
 			space = ciphertext.length - ciphertextOffset;
 		if (length > space)
 			throw new ShortBufferException();
-		if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > plaintext.length || (plaintext.length - plaintextOffset) < length)
+		if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > ciphertext.length || (ciphertext.length - ciphertextOffset) < length)
 			throw new IllegalArgumentException();
 		space = plaintext.length - plaintextOffset;
 		if (!haskey) {
diff --git a/src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java b/src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java
index 9b5c2d0..127e72e 100644
--- a/src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java
+++ b/src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java
@@ -220,7 +220,7 @@ class AESGCMOnCtrCipherState implements CipherState {
 		int space;
 		if (ciphertextOffset < 0 || ciphertextOffset > ciphertext.length)
 			throw new IllegalArgumentException();
-		if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > plaintext.length || (plaintext.length - plaintextOffset) < length)
+		if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > ciphertext.length || (ciphertext.length - ciphertextOffset) < length)
 			throw new IllegalArgumentException();
 		space = ciphertext.length - ciphertextOffset;
 		if (keySpec == null) {
@@ -269,7 +269,7 @@ class AESGCMOnCtrCipherState implements CipherState {
 			space = ciphertext.length - ciphertextOffset;
 		if (length > space)
 			throw new ShortBufferException();
-		if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > plaintext.length || (plaintext.length - plaintextOffset) < length)
+		if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > ciphertext.length || (ciphertext.length - ciphertextOffset) < length)
 			throw new IllegalArgumentException();
 		space = plaintext.length - plaintextOffset;
 		if (keySpec == null) {
diff --git a/src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java b/src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java
index afa52b1..0e2ec93 100644
--- a/src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java
+++ b/src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java
@@ -248,7 +248,7 @@ class ChaChaPolyCipherState implements CipherState {
 			space = ciphertext.length - ciphertextOffset;
 		if (length > space)
 			throw new ShortBufferException();
-		if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > plaintext.length || (plaintext.length - plaintextOffset) < length)
+		if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > ciphertext.length || (ciphertext.length - ciphertextOffset) < length)
 			throw new IllegalArgumentException();
 		space = plaintext.length - plaintextOffset;
 		if (!haskey) {