btcd icon indicating copy to clipboard operation
btcd copied to clipboard

Published 20 hours ago verified publisher icon btcsuite

Validate PKCS7 padding correctly

Open AdamISZ opened this issue 7 years ago • 1 comments

The removePKCSPadding function did not valide the contents of the padding; the format is defined in RFC2315. This commit corrects that and some extra test cases which trigger padding validation failure are provided.

I realise that this is most likely not important. And I am not aware of anyone using this code right now. And it actually is kind of a corner case as to whether it'd ever matter.

For back-story you might find interesting this example - we were using an old slowaes.py module which likewise did not verify padding; and it turned out that because of the way we were using it, there was indeed a corner case here where it led to something bad happening. I think that'd be rare.

AdamISZ avatar Jan 15 '18 11:01 AdamISZ

@jcvernaleo (as per #1530)

  • Low priority
  • Bug(ish)

jakesylvestre avatar Mar 04 '20 14:03 jakesylvestre