fix(crypto): add protections for decryption

Hivert Quentin
2024-02-09 16:16:19 +01:00
parent 311c358580
commit a6319e1689
4 changed files with 15 additions and 5 deletions


@@ -1186,8 +1186,8 @@ Defaults to `NO` when unset.
(with read-only access). Note that if set to `NO`, autocompletion will (with read-only access). Note that if set to `NO`, autocompletion will
not work for entries in this source and thus, freebusy lookups. not work for entries in this source and thus, freebusy lookups.
!displayName (optional) |displayName (optional)
!If set as an address book, the human identification name of the LDAP |If set as an address book, the human identification name of the LDAP
repository repository
|listRequiresDot (optional) |listRequiresDot (optional)


@@ -511,7 +511,6 @@ static const NSString *kAES256GCMError = @"kAES256GCMError";
// Clean up // Clean up
free(plaintext); free(plaintext);
return value; return value;
#else #else
@@ -653,7 +652,7 @@ static const NSString *kAES256GCMError = @"kAES256GCMError";
int status = 0; int status = 0;
EVP_DecryptUpdate(ctx, plaintext, &p_len, [data bytes], [data length]); EVP_DecryptUpdate(ctx, plaintext, &p_len, [data bytes], [data length]);
outputData = [NSData dataWithBytes: plaintext length: p_len]; outputData = [NSData dataWithBytes: (char *)plaintext length: p_len];
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, GMC_TAG_LEN, (void *)[tagData bytes]); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, GMC_TAG_LEN, (void *)[tagData bytes]);
rv = EVP_DecryptFinal_ex(ctx, plaintext + p_len, &f_len); rv = EVP_DecryptFinal_ex(ctx, plaintext + p_len, &f_len);
p_len += f_len; p_len += f_len;
@@ -672,7 +671,14 @@ static const NSString *kAES256GCMError = @"kAES256GCMError";
// Clean up // Clean up
free(plaintext); free(plaintext);
return value; if(value)
return value;
else
{
*ex = [NSException exceptionWithName: kAES128ECError reason:@"Could decrypt but value is null" userInfo: nil];
return nil;
}
#else #else
*ex = [NSException exceptionWithName:kAES256GCMError reason:@"Missing OpenSSL framework" userInfo: nil]; *ex = [NSException exceptionWithName:kAES256GCMError reason:@"Missing OpenSSL framework" userInfo: nil];
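Review bot: The new nil-value branch raises its exception under `kAES128ECError`, but this is the AES-256-GCM path (the `#else` branch just below and the hunk headers use `kAES256GCMError`), so a caller or log reader keyed on the exception name would attribute the failure to the wrong cipher; the line should read `*ex = [NSException exceptionWithName: kAES256GCMError reason:@"Could decrypt but value is null" userInfo: nil];`. `*ex` is also written without checking that `ex` is non-NULL, as the existing `#else` branch already does. Separately, in the hunk at 653 `outputData` is built from `plaintext` before `EVP_DecryptFinal_ex` has verified the GCM tag, and the return values of `EVP_DecryptUpdate` and `EVP_CIPHER_CTX_ctrl` are ignored; the check on `rv` is outside the visible lines, so confirm that unauthenticated plaintext is never returned when `rv <= 0`. The function body starts and ends outside these hunks.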


@@ -1079,6 +1079,8 @@ static const NSString *kEncryptedUserNamePrefix = @"uenc";
if(exception) if(exception)
[self errorWithFormat:@"Can't decrypt the password for auxiliary account %@: %@", [self errorWithFormat:@"Can't decrypt the password for auxiliary account %@: %@",
[account objectForKey: @"name"], [exception reason]]; [account objectForKey: @"name"], [exception reason]];
else if(!password)
[self errorWithFormat:@"No exception but decyrpted password is empty for account %@",[account objectForKey: @"name"]];
else else
[account setObject: password forKey: @"password"]; [account setObject: password forKey: @"password"];
} }
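Review bot: The added `else if(!password)` branch only logs and leaves the account's `password` entry as it was; if that entry still holds the encrypted value (not visible in this hunk), it stays in the dictionary and may be used downstream as if it were the password. Consider clearing or blanking it there, as the exception branch in the hunk at `@@ -1624,6 +1624,8 @@` does with `decryptedPassword = @""`; the new nil branch in that hunk has the same gap, since it assigns neither `decryptedPassword` nor `password`. The log text also says "empty" while the test only catches nil, and "decyrpted" is misspelled, so a log search shared with the other file will miss it; `@"No exception but decrypted password is nil for account %@"` would match the check. The enclosing method starts and ends outside the hunk.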


@@ -1624,6 +1624,8 @@ static NSArray *reminderValues = nil;
[oldAccount objectForKey: @"name"], [exception reason]]; [oldAccount objectForKey: @"name"], [exception reason]];
decryptedPassword = @""; decryptedPassword = @"";
} }
else if(!decryptedPassword)
[self errorWithFormat:@"No exception but decrypted password is empty for account %@",[oldAccount objectForKey: @"name"]];
else else
password = decryptedPassword; password = decryptedPassword;
NS_HANDLER NS_HANDLER