From 86de5d9265b531bc96d0b2ec6ae00767a4a16dfd Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Thu, 18 Feb 2021 20:12:20 +0100
Subject: [PATCH] Explicitly check hex2bin input

For #23197

Signed-off-by: Roeland Jago Douma
---
 lib/private/Security/Crypto.php | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php
index 154448281b9a3..99e7e74a3a0da 100644
--- a/lib/private/Security/Crypto.php
+++ b/lib/private/Security/Crypto.php
@@ -122,14 +122,14 @@ public function decrypt(string $authenticatedCiphertext, string $password = ''):
 throw new \Exception('Authenticated ciphertext could not be decoded.');
 }
 
- $ciphertext = hex2bin($parts[0]);
+ $ciphertext = $this->hex2bin($parts[0]);
 $iv = $parts[1];
- $hmac = hex2bin($parts[2]);
+ $hmac = $this->hex2bin($parts[2]);
 
 if ($partCount === 4) {
 $version = $parts[3];
 if ($version === '2') {
- $iv = hex2bin($iv);
+ $iv = $this->hex2bin($iv);
 }
 }
 
@@ -146,4 +146,20 @@ public function decrypt(string $authenticatedCiphertext, string $password = ''):
 return $result;
 }
+
+ private function hex2bin(string $hex): string {
+ if (!ctype_xdigit($hex)) {
+ throw new \RuntimeException('String contains non hex chars: ' . $hex);
+ }
+ if (strlen($hex) % 2 !== 0) {
+ throw new \RuntimeException('Hex string is not of even length: ' . $hex);
+ }
+ $result = hex2bin($hex);
+
+ if ($result === false) {
+ throw new \RuntimeException('Hex to bin conversion failed: ' . $hex);
+ }
+
+ return $result;
+ }
 }
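Review bot: The three `throw new \RuntimeException(... . $hex)` lines in the new `hex2bin` helper copy the caller's raw input into the exception message; in `decrypt` the values passed are the `$parts` split out of the authenticated-ciphertext argument, so an unbounded, caller-controlled string can end up verbatim in logs and error reports. Reporting only the kind of failure, e.g. `throw new \RuntimeException('Ciphertext part is not a valid hex string.');`, keeps the diagnostic without echoing the payload. The helper also reuses the global function's name, so the bare `hex2bin($hex)` call inside it resolves to the global only because method calls require `$this->`; a distinct name such as `decodeHex`, or at least `\hex2bin($hex)`, would make that explicit. A `/** @throws \RuntimeException on malformed hex input */` docblock on the helper would also tell readers of `decrypt` which exception type now surfaces from these lines; `decrypt` itself begins outside both hunks.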