amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-05-20 10:55:25 +00:00
Code Issues Projects Releases Wiki Activity

pws fix

Browse Source
This commit is contained in:
Hivert Quentin
2025-06-16 17:04:29 +02:00
parent ec4feaafba
commit 51f3d11196
2 changed files with 31 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SoObjects/SOGo/SOGoSession.m
+30 -3
View File
@@ -162,11 +162,25 @@
// Get the key length and its bytes
data = [theKey dataByDecodingBase64];
key = (char *)[data bytes];
klen = [data length];
// if (klen < [theValue length])
// [self errorWithFormat: @"Value to be secured is too big (%i > %i) -- secured value will be corrupted", [theValue length], klen, [theKey length]];
//value longer than the key, concatenate the key with itself until long enough
if (klen < [theValue length])
[self errorWithFormat: @"Value to be secured is too big (%i > %i) -- secured value will be corrupted", [theValue length], klen, [theKey length]];
{
NSMutableData *concatenatedData = [NSMutableData data];
int j;
int nbDuplication = [theValue length]/klen;
for(j=0; j>nbDuplication; j++)
[concatenatedData appendData:data];
data = [NSData dataWithData: concatenatedData];
klen = [data length];
}
key = (char *)[data bytes];
// Get the key - padding it with 0 with key length
pass = (char *) calloc(klen, sizeof(char));
@@ -201,7 +215,6 @@
// Get the key length and its bytes
dataKey = [theKey dataByDecodingBase64];
key = (char *)[dataKey bytes];
klen = [dataKey length];
// Get the secured value length and its bytes
@@ -209,6 +222,20 @@
value = (char *)[dataValue bytes];
vlen = [dataValue length];
//If the key is shorer than the value, duplicate it with itself.
if(klen < vlen)
{
NSMutableData *concatenatedData = [NSMutableData data];
int j;
int nbDuplication = [theValue length]/klen;
for(j=0; j>nbDuplication; j++)
[concatenatedData appendData:data];
dataKey = [NSData dataWithData: concatenatedData];
klen = [data length];
}
key = (char *)[dataKey bytes];
// Target buffer
buf = (char *) calloc(klen, sizeof(char));
SoObjects/SOGo/SOGoWebAuthenticator.m
+1 -1
View File
@@ -53,7 +53,7 @@
about the same. The length is prior to bas64 encoding, so we must calculate
a 33-36% increase.
*/
#define COOKIE_USERKEY_LEN 2096
#define COOKIE_USERKEY_LEN 2048
@implementation SOGoWebAuthenticator