This repository has been archived by the owner on Mar 16, 2023. It is now read-only.

Commit

correct the minimum length of v00 messages from 50 (without the MAC) …
…to 82 (with the MAC) in
yahesh committed Oct 30, 2019
1 parent a41c8a4 commit 15f3661
Showing 3 changed files with 6 additions and 2 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,7 @@
# 0.20b1 (2019-10-30)

* correct the minimum length of v00 messages from 50 (without the MAC) to 82 (with the MAC) in `lib/shared-secrets.exec.php`

# 0.20b0 (2019-10-29)

* rewrote the application to use OpenSSL instead of GPG fixing indirect integrity vulnerabilities
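Review bot: the 0.20b1 entry gives the old and new thresholds but not what the old check let through. With a minimum of 50 and the MAC taken from the last 32 bytes, a 50 to 81 byte message would have left fewer than 50 bytes for the MAC'd part; a short clause saying how decrypt_v00 handled such messages before this fix would let users judge how urgent the upgrade is.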
2 changes: 1 addition & 1 deletion index.php
@@ -1,6 +1,6 @@
<?php

# Shared-Secrets v0.20b0
# Shared-Secrets v0.20b1
#
# Copyright (c) 2016-2019, SysEleven GmbH
# All rights reserved.
2 changes: 1 addition & 1 deletion lib/shared-secrets.exec.php
Expand Up @@ -96,7 +96,7 @@ function decrypt_v00($message, $password, &$error = null, &$checksum = null) {
# check message format
$data[OPENSSL_FULLMESSAGE] = $message;

if (50 <= strlen($data[OPENSSL_FULLMESSAGE])) {
if (82 <= strlen($data[OPENSSL_FULLMESSAGE])) {
# parse message
$data[OPENSSL_MACMESSAGE] = substr($data[OPENSSL_FULLMESSAGE], 0, -32);
$data[OPENSSL_MAC] = substr($data[OPENSSL_FULLMESSAGE], -32);
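Review bot: the literal 82 in the length check is coupled to the two substr(..., -32) calls below it only by arithmetic (50 + 32), and nothing in the code ties those numbers together, which is how the check ended up out of step with the parsing. Define named constants for the MAC length and the minimum length of the MAC'd part, compute the threshold from them, and use the MAC-length constant in both substr calls. A regression test that feeds an 81-byte message to decrypt_v00 and expects it to be rejected with $error set would pin the boundary.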