check iv length

taylorotwell · taylorotwell · commit 8f619c1ee5ab · 2018-03-30T08:26:38.000-05:00
diff --git a/Encrypter.php b/Encrypter.php
@@ -206,9 +206,8 @@ protected function getJsonPayload($payload)
      */
     protected function validPayload($payload)
     {
-        return is_array($payload) && isset(
-            $payload['iv'], $payload['value'], $payload['mac']
-        );
+        return is_array($payload) && isset($payload['iv'], $payload['value'], $payload['mac']) &&
+               strlen(base64_decode($payload['iv'], true)) === openssl_cipher_iv_length($this->cipher);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -206,9 +206,8 @@ protected function getJsonPayload($payload)`
`206`	`206`	`*/`
`207`	`207`	`protected function validPayload($payload)`
`208`	`208`	`{`
`209`		`- return is_array($payload) && isset(`
`210`		`- $payload['iv'], $payload['value'], $payload['mac']`
`211`		`- );`
	`209`	`+ return is_array($payload) && isset($payload['iv'], $payload['value'], $payload['mac']) &&`
	`210`	`+ strlen(base64_decode($payload['iv'], true)) === openssl_cipher_iv_length($this->cipher);`
`212`	`211`	`}`
`213`	`212`
`214`	`213`	`/**`