From 9d5d1f6cd56d86b91494e24fef76e052cfd0231a Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Thu, 27 Jun 2019 19:10:51 +0200
Subject: [PATCH] Don't use Crypt::URandom inside jail: this import file access libraries
---
 lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm | 5 +++--
 lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
index e21ad0977..9bae6841c 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
@@ -64,13 +64,13 @@ sub _getCipher {
 # @param data data to encrypt
 # @return encrypted data in Base64 format
 sub encrypt {
- my ( $self, $data ) = @_;
+ my ( $self, $data, $low ) = @_;
 # pad $data so that its length be multiple of 16 bytes
 my $l = bytes::length($data) % 16;
 $data .= "\0" x ( 16 - $l ) unless ( $l == 0 );
- my $iv = $newIv->();
+ my $iv = $low ? md5( rand() . time . {} ) : $newIv->();
 eval {
 $data = encode_base64(
 $iv . $self->_getCipher->set_iv($iv)->encrypt($data),
@@ -102,6 +102,7 @@ sub decrypt {
 $iv = bytes::substr( $data, 0, 16 );
 $data = bytes::substr( $data, 16 );
 eval { $data = $self->_getCipher->set_iv($iv)->decrypt($data); };
+
 if ($@) {
 $msg = "Crypt::Rijndael error : $@";
 return undef;
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
index 02b1dcb1a..d48bf74bf 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
@@ -103,7 +103,7 @@ sub build_jail {
 # Import crypto methods for jail
 sub encrypt {
- return &Lemonldap::NG::Handler::Main::tsv->{cipher}->encrypt(@_);
+ return &Lemonldap::NG::Handler::Main::tsv->{cipher}->encrypt( $_[0], 1 );
 }
 sub token {
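Review bot: The `$low` branch of `encrypt` builds the IV as `md5( rand() . time . {} )`, and none of those inputs is a cryptographic random source: `rand()` is Perl's general-purpose PRNG, `time` is guessable, and `{}` only stringifies to a reference address. If the cipher from `_getCipher` runs in a chained mode such as CBC (not visible here), a predictable IV weakens confidentiality whenever someone can influence the plaintext. The header comment should at least state this, for example `# @param low true = build the IV without Crypt::URandom (jail only, not cryptographically strong)`. The hunk also shows no import of `md5`, and the IV line sits outside the `eval`, so if `Digest::MD5 qw(md5)` is not already loaded earlier in Crypto.pm the low path dies uncaught. The body of `encrypt` continues past the end of the hunk.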
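Review bot: The literal `1` in `encrypt( $_[0], 1 )` is unexplained, yet it moves every encryption requested from inside the jail onto the weaker IV path in Crypto.pm. A comment above the call such as `# 1 = $low: Crypt::URandom cannot be loaded in the jail, IV comes from md5(rand/time)` would keep that trade-off visible to whoever edits the wrapper next. The wrapper now forwards only `$_[0]`, so any further arguments a caller passes are silently dropped; that looks intentional but is worth stating in the same comment. `build_jail` starts and ends outside the hunk.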