From eff61b3e4a9cba7b714ebbe592ef4a07aff3f7b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no>
Date: Wed, 26 Apr 2017 16:31:11 +0200
Subject: [PATCH] The ciphertext should never be less than 48 bytes, throw an
 exception in such case.

---
 lib/SimpleSAML/Utils/Crypto.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index 0bbc430cd..e9e229565 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -24,8 +24,10 @@ class Crypto
      */
     private static function _aesDecrypt($ciphertext, $secret)
     {
-        if (!is_string($ciphertext)) {
-            throw new \InvalidArgumentException('Input parameter "$ciphertext" must be a string.');
+        if (!is_string($ciphertext) || mb_strlen($ciphertext, '8bit') < 48) {
+            throw new \InvalidArgumentException(
+                'Input parameter "$ciphertext" must be a string with more than 48 characters.'
+            );
         }
         if (!function_exists("openssl_decrypt")) {
             throw new \SimpleSAML_Error_Exception("The openssl PHP module is not loaded.");
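Review bot: The new exception message contradicts the check on the line above it: `mb_strlen($ciphertext, '8bit') < 48` accepts an input of exactly 48 bytes, but the message says "more than 48 characters", and the length is measured in bytes (the `'8bit'` encoding), not characters. A reader debugging a rejected input would be misled; I would change it to `'Input parameter "$ciphertext" must be a string of at least 48 bytes.'`. The value 48 is also a bare magic number here — presumably the fixed-size prefix (IV plus MAC) that the rest of the function consumes, which I cannot confirm from this hunk — so a short comment such as `// 48 bytes is the minimum for the fixed-size prefix the decryptor reads below` or a named class constant would document why the bound exists. The body of _aesDecrypt continues beyond the end of the hunk.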
-- 
GitLab