Merge pull request #26694 from nextcloud/backport/25714/stable21
[stable21] Explicitly check hex2bin input
This commit is contained in:
commit
20a3df9888
|
@ -124,14 +124,14 @@ class Crypto implements ICrypto {
|
||||||
throw new \Exception('Authenticated ciphertext could not be decoded.');
|
throw new \Exception('Authenticated ciphertext could not be decoded.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$ciphertext = hex2bin($parts[0]);
|
$ciphertext = $this->hex2bin($parts[0]);
|
||||||
$iv = $parts[1];
|
$iv = $parts[1];
|
||||||
$hmac = hex2bin($parts[2]);
|
$hmac = $this->hex2bin($parts[2]);
|
||||||
|
|
||||||
if ($partCount === 4) {
|
if ($partCount === 4) {
|
||||||
$version = $parts[3];
|
$version = $parts[3];
|
||||||
if ($version >= '2') {
|
if ($version >= '2') {
|
||||||
$iv = hex2bin($iv);
|
$iv = $this->hex2bin($iv);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($version === '3') {
|
if ($version === '3') {
|
||||||
|
@ -154,4 +154,20 @@ class Crypto implements ICrypto {
|
||||||
|
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function hex2bin(string $hex): string {
|
||||||
|
if (!ctype_xdigit($hex)) {
|
||||||
|
throw new \RuntimeException('String contains non hex chars: ' . $hex);
|
||||||
|
}
|
||||||
|
if (strlen($hex) % 2 !== 0) {
|
||||||
|
throw new \RuntimeException('Hex string is not of even length: ' . $hex);
|
||||||
|
}
|
||||||
|
$result = hex2bin($hex);
|
||||||
|
|
||||||
|
if ($result === false) {
|
||||||
|
throw new \RuntimeException('Hex to bin conversion failed: ' . $hex);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue