diff options
Diffstat (limited to 'activesupport')
-rw-r--r-- | activesupport/lib/active_support/message_encryptor.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb index 87efe117c5..1f2736388d 100644 --- a/activesupport/lib/active_support/message_encryptor.rb +++ b/activesupport/lib/active_support/message_encryptor.rb @@ -99,6 +99,10 @@ module ActiveSupport def _decrypt(encrypted_message) cipher = new_cipher encrypted_data, iv, auth_tag = encrypted_message.split("--".freeze).map {|v| ::Base64.strict_decode64(v)} + + # Currently the OpenSSL bindings do not raise an error if auth_tag is + # truncated, which would allow an attacker to easily forge it. See + # https://github.com/ruby/openssl/issues/63 raise InvalidMessage if aead_mode? && auth_tag.bytes.length != 16 cipher.decrypt |