From 93f4ae2ba6e61d8767f1822de08554bc7d9ee5e2 Mon Sep 17 00:00:00 2001
From: Bobby Rullo <bobby.rullo@coreos.com>
Date: Tue, 25 Aug 2015 16:43:48 -0700
Subject: [PATCH] pkg/crypto: Don't modify ciphertext in place.

mmmkay?
---
 pkg/crypto/aes.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pkg/crypto/aes.go b/pkg/crypto/aes.go
index 82ffad5b..d5dad127 100644
--- a/pkg/crypto/aes.go
+++ b/pkg/crypto/aes.go
@@ -84,11 +84,13 @@ func AESDecrypt(ciphertext, key []byte) ([]byte, error) {
 	}
 
 	mode := cipher.NewCBCDecrypter(block, iv)
-	mode.CryptBlocks(ciphertext, ciphertext)
 
-	if len(ciphertext)%aes.BlockSize != 0 {
+	plaintext := make([]byte, len(ciphertext))
+	mode.CryptBlocks(plaintext, ciphertext)
+
+	if len(plaintext)%aes.BlockSize != 0 {
 		return nil, errors.New("ciphertext is not a multiple of the block size")
 	}
 
-	return unpad(ciphertext)
+	return unpad(plaintext)
 }