10000 Validate Hex · magic-coder/sqlcipher@a5d41bf · GitHub
[go: up one dir, main page]
Skip to content

Commit a5d41bf

Browse files
Sc00bzSc00bz
committed
Validate Hex
1 parent f556390 commit a5d41bf

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

src/crypto_impl.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -885,12 +885,12 @@ static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
885885
if(ctx->read_ctx->provider->random(ctx->read_ctx->provider_ctx, ctx->kdf_salt, FILE_HEADER_SZ) != SQLITE_OK) return SQLITE_ERROR;
886886
ctx->need_kdf_salt = 0;
887887
}
888-
if (c_ctx->pass_sz == ((c_ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0) {
888+
if (c_ctx->pass_sz == ((c_ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, c_ctx->key_sz * 2)) {
889889
int n = c_ctx->pass_sz - 3; /* adjust for leading x' and tailing ' */
890890
const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
891891
CODEC_TRACE(("cipher_ctx_key_derive: using raw key from hex\n"));
892892
cipher_hex2bin(z, n, c_ctx->key);
893-
} else if (c_ctx->pass_sz == (((c_ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0) {
893+
} else if (c_ctx->pass_sz == (((c_ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, (c_ctx->key_sz + ctx->kdf_salt_sz) * 2)) {
894894
const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
895895
CODEC_TRACE(("cipher_ctx_key_derive: using raw key from hex\n"));
896896
cipher_hex2bin(z, (c_ctx->key_sz * 2), c_ctx->key);

0 commit comments

Comments
 (0)
0