[Svn] r4287 - trunk/roundcubemail/program/include

trac at roundcube.net trac at roundcube.net
Mon Nov 29 09:50:39 CET 2010


Author: alec
Date: 2010-11-29 02:50:39 -0600 (Mon, 29 Nov 2010)
New Revision: 4287

Modified:
   trunk/roundcubemail/program/include/rcmail.php
Log:
- Handle PHP warning in decrypt function (#1485970)


Modified: trunk/roundcubemail/program/include/rcmail.php
===================================================================
--- trunk/roundcubemail/program/include/rcmail.php	2010-11-29 08:23:53 UTC (rev 4286)
+++ trunk/roundcubemail/program/include/rcmail.php	2010-11-29 08:50:39 UTC (rev 4287)
@@ -1203,8 +1203,14 @@
     if (function_exists('mcrypt_module_open') &&
         ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")))
     {
-      $iv = substr($cipher, 0, mcrypt_enc_get_iv_size($td));
-      $cipher = substr($cipher, mcrypt_enc_get_iv_size($td));
+      $iv_size = mcrypt_enc_get_iv_size($td);
+      $iv = substr($cipher, 0, $iv_size);
+
+      // session corruption? (#1485970)
+      if (strlen($iv) < $iv_size)
+        return '';
+
+      $cipher = substr($cipher, $iv_size);
       mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
       $clear = mdecrypt_generic($td, $cipher);
       mcrypt_generic_deinit($td);

_______________________________________________
http://lists.roundcube.net/mailman/listinfo/svn



More information about the Svn mailing list