Merge pull request #143 from Zentyal/jgarcia/crash-session
Safe decoding of secured value
This commit is contained in:
commit
cab5846e37
|
@ -171,8 +171,7 @@
|
|||
klen = [data length];
|
||||
|
||||
// Get the key - padding it with 0 with key length
|
||||
pass = (char *)malloc(klen);
|
||||
memset(pass, 0, klen);
|
||||
pass = (char *) calloc(klen, sizeof(char));
|
||||
[theValue getCString: pass maxLength: klen encoding: NSUTF8StringEncoding];
|
||||
|
||||
// Target buffer
|
||||
|
@ -196,26 +195,28 @@
|
|||
+ (NSString *) valueFromSecuredValue: (NSString *) theValue
|
||||
usingKey: (NSString *) theKey
|
||||
{
|
||||
NSData *data;
|
||||
NSData *dataKey, *dataValue;
|
||||
NSString *s;
|
||||
|
||||
char *buf, *key, *pass;
|
||||
int i, klen;
|
||||
char *buf, *key, *value;
|
||||
size_t i, klen, vlen;
|
||||
|
||||
// Get the key length and its bytes
|
||||
data = [theKey dataByDecodingBase64];
|
||||
key = (char *)[data bytes];
|
||||
klen = [data length];
|
||||
dataKey = [theKey dataByDecodingBase64];
|
||||
key = (char *)[dataKey bytes];
|
||||
klen = [dataKey length];
|
||||
|
||||
// Get the secured password
|
||||
pass = (char *)[[theValue dataByDecodingBase64] bytes];
|
||||
// Get the secured value length and its bytes
|
||||
dataValue = [theValue dataByDecodingBase64];
|
||||
value = (char *)[dataValue bytes];
|
||||
vlen = [dataValue length];
|
||||
|
||||
// Target buffer
|
||||
buf = (char *)malloc(klen);
|
||||
buf = (char *) calloc(klen, sizeof(char));
|
||||
|
||||
for (i = 0; i < klen; i++)
|
||||
for (i = 0; i < klen && i < vlen; i++)
|
||||
{
|
||||
buf[i] = key[i] ^ pass[i];
|
||||
buf[i] = key[i] ^ value[i];
|
||||
}
|
||||
|
||||
// buf is now our C string in UTF8
|
||||
|
|
Loading…
Reference in a new issue