Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-05-02 06:26:16 -04:00
Code Issues Projects Releases Packages Wiki Activity

handle regression due to base58 stripping NULL bytes, discovered via JSVerify RNG state 0dec6b2a5f04d19873

Browse source
This commit is contained in:
El RIDO 2019-05-19 09:54:40 +02:00
parent 909ff2daa7
commit 353d08daf6
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
4 changed files with 11 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

4
js/privatebin.js
View file

@ -1140,7 +1140,9 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// version 2 uses base58, version 1 uses base64 without decoding
try {
symmetricKey = CryptTool.base58decode(newKey);
// base58 encode strips NULL bytes at the beginning of the
// string, so we re-add them if necessary
symmetricKey = CryptTool.base58decode(newKey).padStart(32, '\u0000');
} catch(e) {
symmetricKey = newKey;
}