Merge pull request #26693 from nextcloud/backport/25714/stable20

[stable20] Explicitly check hex2bin input
nextcloud · Apr 22, 2021 · 35189a9 · 35189a9
2 parents 3c9b923 + 86de5d9
commit 35189a9
Showing 1 changed file with 19 additions and 3 deletions.
diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php
@@ -122,14 +122,14 @@ public function decrypt(string $authenticatedCiphertext, string $password = ''):
 			throw new \Exception('Authenticated ciphertext could not be decoded.');
 		}
 
-		$ciphertext = hex2bin($parts[0]);
+		$ciphertext = $this->hex2bin($parts[0]);
 		$iv = $parts[1];
-		$hmac = hex2bin($parts[2]);
+		$hmac = $this->hex2bin($parts[2]);
 
 		if ($partCount === 4) {
 			$version = $parts[3];
 			if ($version === '2') {
-				$iv = hex2bin($iv);
+				$iv = $this->hex2bin($iv);
 			}
 		}
 
@@ -146,4 +146,20 @@ public function decrypt(string $authenticatedCiphertext, string $password = ''):
 
 		return $result;
 	}
+
+	private function hex2bin(string $hex): string {
+		if (!ctype_xdigit($hex)) {
+			throw new \RuntimeException('String contains non hex chars: ' . $hex);
+		}
+		if (strlen($hex) % 2 !== 0) {
+			throw new \RuntimeException('Hex string is not of even length: ' . $hex);
+		}
+		$result = hex2bin($hex);
+
+		if ($result === false) {
+			throw new \RuntimeException('Hex to bin conversion failed: ' . $hex);
+		}
+
+		return $result;
+	}
 }