Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AESProvider Decrypt method does not check string length before substring method invoked #13

Open
hoeyi opened this issue Dec 23, 2023 · 0 comments
Open

AESProvider Decrypt method does not check string length before substring method invoked #13

hoeyi opened this issue Dec 23, 2023 · 0 comments
Assignees
@hoeyi
Labels
area: cryptography Cryptography and related methods bug Something isn't working

Comments

@hoeyi
Copy link
Owner

hoeyi commented Dec 23, 2023

Summary

The Decrypt(string, string) method is responsible for extracting the cipher text and iv from the given text and decrypting the cipher text. This is done by taking a substring from the given text, which is not checked for length before attempting. This may be causing issues when a value is undefined.

Desired Solution

Evaluate method for better handling of cases where the input string is not long enough to have the expected cipher and iv components.

Extensions.Configuration/Extensions.Configuration/Cryptography/AESProvider.cs

Line 79 in e30031d

public static string Decrypt(string cipherTextWithIV, string aesKey)

@hoeyi hoeyi added the bug Something isn't working label Dec 23, 2023
@hoeyi hoeyi self-assigned this Dec 23, 2023
@hoeyi hoeyi added the area: cryptography Cryptography and related methods label Dec 23, 2023
@hoeyi hoeyi changed the title AESProvider Decrypt method does not check string left before substring method invoked AESProvider Decrypt method does not check string length before substring method invoked Dec 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hoeyi hoeyi

Labels
area: cryptography Cryptography and related methods bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hoeyi