When receiving an empty string, aes_decrypt produces the following warning.

warning: mdecrypt_generic() [function.mdecrypt-generic]: An empty string was passed in .../sites/all/modules/contrib/aes/aes.module on line 762.

Using isset() instead of empty() on line 696 of aes.module fixes the issue.

CommentFileSizeAuthor
#3 base64decodefirst-1218566-3.patch703 bytesdan_lennox
#1 fixed-warning-isset-1218566-2.patch516 bytesdan_lennox
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

dan_lennox’s picture

dan_lennox CreditAttribution: dan_lennox commented
FileSize
fixed-warning-isset-1218566-2.patch516 bytes

Patch supplied.

dan_lennox’s picture

dan_lennox CreditAttribution: dan_lennox commented

OK this is still an issue but my fix is completely wrong.

dan_lennox’s picture

dan_lennox CreditAttribution: dan_lennox commented
FileSize
base64decodefirst-1218566-3.patch703 bytes

Actual issue was being caused by $string = base64_decode($string); being called after the test for "empty" instead of before. Patch supplied.

easyfit’s picture

easyfit CreditAttribution: easyfit commented

I'll leave it to lee20 to apply the patch, but I just want to say nice catch and thanks for looking into this! It's been a standing issue for some time

dan_lennox’s picture

dan_lennox CreditAttribution: dan_lennox commented

No worries. Thanks for the handy module!

dan_lennox’s picture

dan_lennox CreditAttribution: dan_lennox commented
Status: Active » Needs review

Whoops forgot to change status.

EvanDonovan’s picture

EvanDonovan CreditAttribution: EvanDonovan commented
Issue tags: +7.x-1.6

Are you sure this is the correct fix? Seems counter-intuitive not to check first.

Also, tracking for 7.x.

EvanDonovan’s picture

EvanDonovan CreditAttribution: EvanDonovan commented
dpovshed’s picture

dpovshed CreditAttribution: dpovshed commented
Version: 6.x-1.4 » 7.x-1.x-dev
Issue summary: View changes
Issue tags: -7.x-1.6

If someone interested in having this fixed - please do code review.

AshwinB’s picture

AshwinB CreditAttribution: AshwinB commented

After applying the patch, the warning still shows up, just with different text.. Now it says "Tried to decrypt an empty string.". After applying the patch, the warning gets logged multiple times during each login. Any suggestions?

dpovshed’s picture

dpovshed CreditAttribution: dpovshed commented
Status: Needs review » Needs work

@Amaster123, thank you for testing this!

  • dpovshed committed 93fbb1e on 7.x-1.x authored by dan_lennox 
    Issue #1218566 by dan_lennox: aes_decrypt produces warning when...
dpovshed’s picture

dpovshed CreditAttribution: dpovshed commented
Status: Needs work » Fixed

I checked patch in comment #3 and it worked fine to me to solve this minor problem.

Maybe I overlook somethhing and any of you have more sophisticated use-cases - feel free to report in details and reopen issue.

Patch was adopted and committed, thanks @dan_lennox !

Tested with code:

aes_decrypt(' ', FALSE);
aes_decrypt(' ', TRUE);
aes_decrypt('', FALSE);
aes_decrypt('', TRUE);

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.