diff options
| author | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-11-29 08:50:39 +0000 |
|---|---|---|
| committer | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-11-29 08:50:39 +0000 |
| commit | 9c9051d1f6dc4754d3411bdf7cec7cb76d38dfcb (patch) | |
| tree | a13caf7eb446928f9de53950b618a5595e1e9e32 /roundcubemail/program | |
| parent | a810ec2866c998686e86c5159dff0fb17406a8d4 (diff) | |
- Handle PHP warning in decrypt function (#1485970)
git-svn-id: https://svn.roundcube.net/trunk@4287 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program')
| -rw-r--r-- | roundcubemail/program/include/rcmail.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/roundcubemail/program/include/rcmail.php b/roundcubemail/program/include/rcmail.php index e76b1420a..d376e98bf 100644 --- a/roundcubemail/program/include/rcmail.php +++ b/roundcubemail/program/include/rcmail.php @@ -1203,8 +1203,14 @@ class rcmail if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))) { - $iv = substr($cipher, 0, mcrypt_enc_get_iv_size($td)); - $cipher = substr($cipher, mcrypt_enc_get_iv_size($td)); + $iv_size = mcrypt_enc_get_iv_size($td); + $iv = substr($cipher, 0, $iv_size); + + // session corruption? (#1485970) + if (strlen($iv) < $iv_size) + return ''; + + $cipher = substr($cipher, $iv_size); mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv); $clear = mdecrypt_generic($td, $cipher); mcrypt_generic_deinit($td); |