From 12f9de06af6fc4be9301e18dc29a4eaf31d60504 Mon Sep 17 00:00:00 2001
From: Seb Olney <sebastian.olney@synaptics.com>
Date: Tue, 12 Sep 2023 10:14:18 +0100
Subject: [PATCH] Check for length overflow

---
 lib/Crypto/Cipher/_mode_ccm.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/Crypto/Cipher/_mode_ccm.py b/lib/Crypto/Cipher/_mode_ccm.py
index 1c1105bcb..7f78fbe5a 100644
--- a/lib/Crypto/Cipher/_mode_ccm.py
+++ b/lib/Crypto/Cipher/_mode_ccm.py
@@ -189,9 +189,13 @@ def _start_mac(self):
 
         # Formatting control information and nonce (A.2.1)
         q = 15 - len(self.nonce)  # length of Q, the encoded message length
+        # Limit on plaintext length imposed by choice of nonce (A.1)
+        if self._msg_len >= 2**(8*q):
+            raise OverflowError("Combined plaintext and nonce too long")
         flags = (64 * (self._assoc_len > 0) + 8 * ((self._mac_len - 2) // 2) +
                  (q - 1))
         b_0 = struct.pack("B", flags) + self.nonce + long_to_bytes(self._msg_len, q)
+        assert len(b_0) == 16
 
         # Formatting associated data (A.2.2)
         # Encoded 'a' is concatenated with the associated data 'A'