Comments (5)
flindvall
commented on August 12, 2024
This is a cleaner fix:
if ($this->block_mode) {
$bucket->data = $this->buffer . $bucket->data;
$this->buffer = '';
from mcrypt_compat.
terrafrost
commented on August 12, 2024
So one thing that'd help is some code that'd enable me to reproduce the problem and verify the fix. In lieu of that I can attempt to reproduce the issue based on your description of the problem, but it'd be faster if you could provide that yourself lol.
Being able to reproduce the issue also enables the creation of a unit test.
from mcrypt_compat.
flindvall
commented on August 12, 2024
Yes, I agree that the proper procedure would be to provide code to reproduce the issue, however this is a logical flaw that can be described in words. I have encountered this when trying to decrypt data. The scenario was that 13 bytes were in the buffer and 611 bytes in $bucket->data. That makes 624 bytes total that is evenly divided by a block length of 16 and since $extra = strlen($bucket->data) % $this->block_length will be 0 then nothing will be done to take care of the 13 bytes in the buffer since the buffer is only adjusted if there is a remainder. The result is that the 13 bytes remains in the buffer and will cause the decryption to break on the next call to the filter function. Clearing the buffer after its content has been added to $bucket->data solves the problem. How about this test case with a file of size 1888 bytes:
$opts = array('iv'=>$iv, 'key'=>$key, 'mode'=>'cbc');
$fd = fopen($encrypted_file, 'rb');
stream_filter_append($fd, "mdecrypt.rijndael-128", STREAM_FILTER_READ, $opts);
$content .= fread($fd, 653);
$content .= fread($fd, 611);
$content .= fread($fd, 624);
from mcrypt_compat.
terrafrost
commented on August 12, 2024
Does 0220d59 fix the issue for you?
It is quite difficult to unit test this as PHP doesn't really let you control (in-so-far as I know) how much of the file PHP actually reads. It doesn't look like it looks at the parameters that are passed to fread. Like 653 + 611 + 624 = 1888. So I tried to read the first 653 bytes and $bucket->data was already 1888 so I was unable to test the issue. This was true with php://memory, php://temp and an actual file.
I tried to have two file pointers - one that was write only and one that was read only. I then tried to write 653 bytes with the write-only file pointer and then read the 653 bytes with the read-only file pointer but locking interferes with that.
from mcrypt_compat.
flindvall
commented on August 12, 2024
Yes, I have verified that it does fix the issue. Thanks!
from mcrypt_compat.
Related Issues (20)
- RIJNDAEL-128 ECB Mode doesn't use IV but this polyfill requires a 16-bit IV HOT 3
- create_function deprecated in PHP 7.2 HOT 6
- Enhance project description HOT 1
- Serpent Support HOT 1
- stream_filter_append output is different than original mcrypt when writing HOT 4
- phpseclib_mcrypt_module_open CFB mapping missing from 1.0 branch HOT 2
- test-related questions, understand whether you need to change the test in the testMcryptGenericMode HOT 1
- Fatal Error in Version 1.07 HOT 2
- Module initialization failed... PHP7.2.1
- RC2 max key size incompatibility
- Uncaught Error: Class 'phpseclib3\Crypt\Blowfish' not found in lib/mcryptcompat/mcrypt.php:307 HOT 2
- THANKYOU!!!!!! HOT 1
- php 8.1 compatibility issues HOT 4
- OFB mode - Uncaught TypeError: Argument 1 passed to mcrypt_enc_get_iv_size() must be an instance of phpseclib3\Crypt\Common\SymmetricKey, bool given HOT 9
- PHP 8.1 deprecation warnings HOT 4
- Thank you thank you thank you
- Php 8.1 deprecation warning HOT 4
- Dependency on phpseclib/phpseclib:dev-master? HOT 5
- Can we also have old PHP behavior? HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mcrypt_compat.