Merge pull request JoinMarket-Org#191 from AdamISZ/pkcs7sanitycheck

ensure correct password
ghtdak · Aug 15, 2015 · 548778c · 548778c
2 parents 97c59f6 + 96626f7
commit 548778c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/lib/common.py b/lib/common.py
@@ -248,7 +248,12 @@ def get_seed(self, seedarg):
  try:
  decrypted_seed = slowaes.decryptData(
  password_key, encrypted_seed.decode('hex')).encode('hex')
- decrypted = True
+ #there is a small probability of getting a valid PKCS7 padding
+ #by chance from a wrong password; sanity check the seed length
+ if len(decrypted_seed) == 32:
+ decrypted = True
+ else:
+ raise ValueError
  except ValueError:
  print 'Incorrect password'
  decrypted = False

diff --git a/lib/slowaes.py b/lib/slowaes.py
@@ -29,6 +29,8 @@ def strip_PKCS7_padding(s):
  numpads = ord(s[-1])
  if numpads > 16:
  raise ValueError("String ending with %r can't be PCKS7-padded" % s[-1])
+ if not all(numpads == x for x in map(ord, s[-numpads:-1])):
+ raise ValueError("Invalid PKCS7 padding")
  return s[:-numpads]