[Tickets #14026] Use of raw_data in Horde_Crypt_Blowfish_Openssl
noreply at bugs.horde.org
Wed Jun 24 12:58:28 UTC 2015
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14026
------------------------------------------------------------------------------
Ticket | 14026
Created By | almarin at um.es
Summary | Use of raw_data in Horde_Crypt_Blowfish_Openssl
Queue | Horde Framework Packages
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
almarin at um.es (2015-06-24 12:58) wrote:
Horde_Crypt_Blowfish_Openssl uses $raw_data = true in encrypt/decrypt
operations, so the result can be any binary string, even a string
starting with \0 at the beginning.
That causes issues like in Horde_Session, where values starting with
\0 are considered NOT_SERIALIZED and are returned unencrypted
(https://github.com/horde/horde/blob/master/framework/Core/lib/Horde/Session.php#L355).
Can it be replaced with $raw_data = false to force the use of base64
format? Of course, in both encrypt/decrypt operations.
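
A simplified model of the collision the ticket describes, as an added example that is not part of the ticket and not Horde's code. The store_encrypted()/load() functions, the key and the IV are hypothetical, and AES-128-CBC stands in for Blowfish because some OpenSSL builds do not enable bf-cbc; the output-encoding issue is the same for any cipher.

```php
<?php
// Added illustration, not Horde's code. Assumptions: a one-byte "\0" marker
// for unencrypted values (as the ticket describes) and AES-128-CBC standing
// in for Blowfish.
const NOT_SERIALIZED = "\0";
const CIPHER = 'aes-128-cbc';

// Hypothetical writer: stores the value exactly as openssl_encrypt() returns it.
function store_encrypted(string $v, string $key, string $iv, bool $raw): string
{
    return openssl_encrypt($v, CIPHER, $key, $raw ? OPENSSL_RAW_DATA : 0, $iv);
}

// Hypothetical reader: a leading marker byte means "plain value, do not decrypt".
function load(string $stored, string $key, string $iv, bool $raw)
{
    if ($stored[0] === NOT_SERIALIZED) {
        return substr($stored, 1);   // handed back without decryption
    }
    return openssl_decrypt($stored, CIPHER, $key, $raw ? OPENSSL_RAW_DATA : 0, $iv);
}

// Constructed key and IV, fixed so every run behaves the same.
$key = str_repeat('k', 16);
$iv  = str_repeat('i', 16);

// Find a plaintext whose raw ciphertext starts with "\0". The first output
// byte is effectively uniform, so roughly 1 value in 256 qualifies.
$plain = null;
for ($n = 0; $n < 100000; $n++) {
    $candidate = "token-$n";
    if (store_encrypted($candidate, $key, $iv, true)[0] === NOT_SERIALIZED) {
        $plain = $candidate;
        break;
    }
}
if ($plain === null) {
    exit("no colliding value found\n");
}

// Raw output: the reader takes the ciphertext for a plain value, strips one
// byte and returns the rest undecrypted, so the round trip fails.
$rawOk = load(store_encrypted($plain, $key, $iv, true), $key, $iv, true) === $plain;
// Base64 output: the first byte is always one of A-Z a-z 0-9 + /, never "\0".
$b64Ok = load(store_encrypted($plain, $key, $iv, false), $key, $iv, false) === $plain;

echo "value: $plain (found after ", $n + 1, " tries)\n";
echo 'raw output round-trips:    ', var_export($rawOk, true), "\n";
echo 'base64 output round-trips: ', var_export($b64Ok, true), "\n";
```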