From 896bb17f14e44925f5cdacbe10f1e86c20b88972 Mon Sep 17 00:00:00 2001 From: Benedict Date: Mon, 1 Aug 2016 15:58:18 +0200 Subject: fixed bug in valid_pkcs_padding The input length shut be a multiple of the blocksize. However we checked if the inpute length was a multiple of the number of padded bytes. --- lib/lib2.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lib/lib2.c') diff --git a/lib/lib2.c b/lib/lib2.c index 70a7160..c7e6ebb 100644 --- a/lib/lib2.c +++ b/lib/lib2.c @@ -41,7 +41,7 @@ int valid_pkcs7_padding(const char *in, int length_in, char *unpadded, int block } padding_length = length_in - i; - if ((length_in % padding_length) != 0) + if ((length_in % blocksize) != 0) return 0; if(in[length_in-1] != padding_length) @@ -385,7 +385,6 @@ int challenge16_encrypt(char *input, char **encrypted) res[strlen(prepend)+strlen(input)+strlen(append)+2*quote_char+1] = '\0'; // padding unencrypted = pkcs7_padding(res, strlen(res), 16); - printf("%s\n", unencrypted); *encrypted = malloc(strlen(unencrypted)); aes_cbc(unencrypted, strlen(unencrypted), *encrypted, key, iv , 1); return strlen(unencrypted); @@ -398,7 +397,11 @@ void challenge16_decrypt(char *encrypted, int length) aes_cbc(encrypted, length, unencrypted, key, iv, 0); // unpadd - valid_pkcs7_padding(unencrypted, length, unpadd, 16); + int ret = valid_pkcs7_padding(unencrypted, length, unpadd, 16); + if(!ret) { + printf("no valid padding!\n"); + return; + } // look for string ;admin=true; printf("unencrpyted string: %s\n", unpadd); } -- cgit v1.2.3-70-g09d2