From 015d449c2879569f1d472be9be595c1ce7fdb090 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20P=C3=A9rez=20Crespo?= <jaime.perez@uninett.no>
Date: Fri, 24 Aug 2012 12:56:41 +0000
Subject: [PATCH] Fix for issue #509. Check symmetric key length once
 decrypted, to make sure it is the same size as expected.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3145 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SAML2/Utils.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/SAML2/Utils.php b/lib/SAML2/Utils.php
index 6a959c261..00e5a3390 100644
--- a/lib/SAML2/Utils.php
+++ b/lib/SAML2/Utils.php
@@ -398,6 +398,10 @@ class SAML2_Utils {
 
 			try {
 				$key = $encKey->decryptKey($symmetricKeyInfo);
+				if (strlen($key) != $keySize) {
+					throw new Exception('Unexpected key size (' . strlen($key) * 8 . 'bits) for encryption algorithm: ' .
+										var_export($symmetricKey->type, TRUE));
+				}
 			} catch (Exception $e) {
 				/* We failed to decrypt this key. Log it, and substitute a "random" key. */
 				SimpleSAML_Logger::error('Failed to decrypt symmetric key: ' . $e->getMessage());
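Review bot: The new guard on the `strlen($key) != $keySize` line uses a loose comparison; since `strlen()` returns an int, `if (strlen($key) !== $keySize) {` is the safer form, assuming `$keySize` is an int (it is set outside this hunk, so that cannot be confirmed here). The exception text on the next line also runs the number into its unit (`128bits`); `' bits) for encryption algorithm: '` fixes that. It is worth a comment explaining why the check is raised inside the `try` rather than handled with an early return, because the `catch` below deliberately substitutes a random key on any failure: `/* A wrong-size key must follow the same path as a failed decryption, so the catch below substitutes a random key instead of leaking a distinguishable error. */`. The enclosing method and the `catch` block continue outside the hunk.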
-- 
GitLab