Merge pull request #25714 from nextcloud/fix/23197/explicitly_check_hex2bin_input

Explicitly check hex2bin input

Author: MorrisJobke

lib/private/Security/Crypto.php

@@ -124,14 +124,14 @@ public function decrypt(string $authenticatedCiphertext, string $password = ''):
 			throw new \Exception('Authenticated ciphertext could not be decoded.');
 		}
 
-		$ciphertext = hex2bin($parts[0]);
+		$ciphertext = $this->hex2bin($parts[0]);
 		$iv = $parts[1];
-		$hmac = hex2bin($parts[2]);
+		$hmac = $this->hex2bin($parts[2]);
 
 		if ($partCount === 4) {
 			$version = $parts[3];
 			if ($version >= '2') {
-				$iv = hex2bin($iv);
+				$iv = $this->hex2bin($iv);
 			}
 
 			if ($version === '3') {
@@ -154,4 +154,20 @@ public function decrypt(string $authenticatedCiphertext, string $password = ''):
 
 		return $result;
 	}
+
+	private function hex2bin(string $hex): string {
+		if (!ctype_xdigit($hex)) {
+			throw new \RuntimeException('String contains non hex chars: ' . $hex);
+		}
+		if (strlen($hex) % 2 !== 0) {
+			throw new \RuntimeException('Hex string is not of even length: ' . $hex);
+		}
+		$result = hex2bin($hex);
+
+		if ($result === false) {
+			throw new \RuntimeException('Hex to bin conversion failed: ' . $hex);
+		}
+
+		return $result;
+	}
 }