Commit 1f55cee8 authored by Eike Hein's avatar Eike Hein
Browse files

Do a bounds check on ECB blocks.

Blindly assuming they're the expected 12 chars can lead to a crash
on malformed input.

Original patch by Manuel Nickschas for Quassel, who incorporated
the original Konversation code into Quassel in 2009.

Upstream:
https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
parent 8f9c9a0f
......@@ -353,8 +353,12 @@ namespace Konversation
}
else
{
// ECB Blowfish encodes in blocks of 12 chars, so anything else is malformed input
if ((temp.length() % 12) != 0)
return cipherText;
temp = b64ToByte(temp);
while((temp.length() % 8) != 0) temp.append('\0');
while ((temp.length() % 8) != 0) temp.append('\0');
}
QCA::Direction dir = (direction) ? QCA::Encode : QCA::Decode;
......@@ -362,11 +366,17 @@ namespace Konversation
QByteArray temp2 = cipher.update(QCA::MemoryRegion(temp)).toByteArray();
temp2 += cipher.final().toByteArray();
if(!cipher.ok())
if (!cipher.ok())
return cipherText;
if(direction)
if (direction)
{
// Sanity check
if ((temp2.length() % 8) != 0)
return cipherText;
temp2 = byteToB64(temp2);
}
return temp2;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment