Mirrors/nextcloud
1
0
Förgrening 0
spegling av https://github.com/nextcloud/server.git synced 2024-08-29 05:55:50 +02:00
Kod Ärenden Actions 28 Packages Projekt Släpp Wiki Aktiviteter

Merge pull request #25714 from nextcloud/fix/23197/explicitly_check_hex2bin_input

Bläddra i källkod 
Explicitly check hex2bin input
This commit is contained in:
Morris Jobke 2021-04-22 13:23:39 +02:00 committad av GitHub
förälder 634b6b8b57 16652ac6c6
incheckning 393309b98f
Ingen känd nyckel hittad för denna signaturen i databasen
GPG-nyckel ID: 4AEE18F83AFDEB23
1 ändrade filer med 19 tillägg och 3 borttagningar
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
lib/private/Security/Crypto.php
Visa fil

@ -124,14 +124,14 @@ class Crypto implements ICrypto {
throw new \Exception('Authenticated ciphertext could not be decoded.');
}
$ciphertext = hex2bin($parts[0]);
$ciphertext = $this->hex2bin($parts[0]);
$iv = $parts[1];
$hmac = hex2bin($parts[2]);
$hmac = $this->hex2bin($parts[2]);
if ($partCount === 4) {
$version = $parts[3];
if ($version >= '2') {
$iv = hex2bin($iv);
$iv = $this->hex2bin($iv);
}
if ($version === '3') {
@ -154,4 +154,20 @@ class Crypto implements ICrypto {
return $result;
}
private function hex2bin(string $hex): string {
if (!ctype_xdigit($hex)) {
throw new \RuntimeException('String contains non hex chars: ' . $hex);
}
if (strlen($hex) % 2 !== 0) {
throw new \RuntimeException('Hex string is not of even length: ' . $hex);
}
$result = hex2bin($hex);
if ($result === false) {
throw new \RuntimeException('Hex to bin conversion failed: ' . $hex);
}
return $result;
}
}