mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #26694 from nextcloud/backport/25714/stable21 

[stable21] Explicitly check hex2bin input
This commit is contained in:
Roeland Jago Douma 2021-04-22 14:58:07 +02:00 committed by GitHub
parent f7ac16f421 97e5fe43df
commit 20a3df9888
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
lib/private/Security/Crypto.php
View File

@ -124,14 +124,14 @@ class Crypto implements ICrypto {
throw new \Exception('Authenticated ciphertext could not be decoded.');
}
$ciphertext = hex2bin($parts[0]);
$ciphertext = $this->hex2bin($parts[0]);
$iv = $parts[1];
$hmac = hex2bin($parts[2]);
$hmac = $this->hex2bin($parts[2]);
if ($partCount === 4) {
$version = $parts[3];
if ($version >= '2') {
$iv = hex2bin($iv);
$iv = $this->hex2bin($iv);
}
if ($version === '3') {
@ -154,4 +154,20 @@ class Crypto implements ICrypto {
return $result;
}
private function hex2bin(string $hex): string {
if (!ctype_xdigit($hex)) {
throw new \RuntimeException('String contains non hex chars: ' . $hex);
}
if (strlen($hex) % 2 !== 0) {
throw new \RuntimeException('Hex string is not of even length: ' . $hex);
}
$result = hex2bin($hex);
if ($result === false) {
throw new \RuntimeException('Hex to bin conversion failed: ' . $hex);
}
return $result;
}
}