增加iv校验 (#482)

miniprogram/encryptor/encryptor.go

@@ -6,6 +6,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"errors"
+	"fmt"
 
 	"github.com/silenceper/wechat/v2/miniprogram/context"
 )
@@ -90,6 +91,9 @@ func GetCipherText(sessionKey, encryptedData, iv string) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
+	if len(ivBytes) != aes.BlockSize {
+		return nil, fmt.Errorf("bad iv length %d", len(ivBytes))
+	}
 	block, err := aes.NewCipher(aesKey)
 	if err != nil {
 		return nil, err

miniprogram/encryptor/encryptor_test.go

@@ -0,0 +1,15 @@
+package encryptor
+
+import (
+	"encoding/base64"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetCipherText_BadIV(t *testing.T) {
+	keyData := base64.StdEncoding.EncodeToString([]byte("1234567890123456"))
+	badData := base64.StdEncoding.EncodeToString([]byte("1"))
+	_, err := GetCipherText(keyData, badData, badData)
+	assert.Error(t, err)
+}