phalcon / cphalcon

High performance, full-stack PHP framework delivered as a C extension.
https://phalcon.io
BSD 3-Clause "New" or "Revised" License

[BUG]: Crypt: Wrong padding calculation #16642

Closed niden closed 2 months ago

niden commented 2 months ago

Describe the bug

The block size calculation is not correct because mb_strlen is used instead of strlen.

Block ciphers operate with fixed-size blocks of bytes, not symbols, while mb_strlen counts symbols (which can be single-byte or multi-byte). A multi-byte character is counted as 1.

Credit @elcreator

niden commented 2 months ago

Resolved in https://github.com/phalcon/cphalcon/pull/16643
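
The miscalculation described in this issue, shown as an added PHP example that is not Phalcon's code. It assumes PKCS#7 padding and a 16-byte block; `padWith()`, `isBlockAligned()` and the sample strings are constructed for illustration.

```php
<?php
// Added illustration, not Phalcon's code. Assumes PKCS#7 padding with a
// 16-byte block; padWith() and isBlockAligned() are hypothetical helpers.
declare(strict_types=1);

const BLOCK_SIZE = 16; // AES block size in bytes

/**
 * Append PKCS#7 padding to $text, measuring the input with $length so the
 * character-based and byte-based calculations can be compared side by side.
 */
function padWith(callable $length, string $text, int $blockSize = BLOCK_SIZE): string
{
    $padSize = $blockSize - ($length($text) % $blockSize);
    return $text . str_repeat(chr($padSize), $padSize);
}

/** A block cipher can only process input whose byte length is a multiple of the block size. */
function isBlockAligned(string $data, int $blockSize = BLOCK_SIZE): bool
{
    return strlen($data) % $blockSize === 0;
}

// Constructed sample inputs: one ASCII-only string, three with multi-byte UTF-8.
$samples = ['attack at dawn', 'naïve café', 'пароль', '日本語'];

$countChars = fn (string $s): int => mb_strlen($s, 'UTF-8'); // symbols (buggy basis)
$countBytes = fn (string $s): int => strlen($s);             // bytes (correct basis)

foreach ($samples as $text) {
    $byChars = padWith($countChars, $text);
    $byBytes = padWith($countBytes, $text);

    printf(
        "%s: %d chars, %d bytes | mb_strlen padding -> %d bytes (%s) | strlen padding -> %d bytes (%s)\n",
        $text,
        $countChars($text),
        $countBytes($text),
        strlen($byChars),
        isBlockAligned($byChars) ? 'aligned' : 'NOT aligned',
        strlen($byBytes),
        isBlockAligned($byBytes) ? 'aligned' : 'NOT aligned'
    );
}
```

For ASCII-only input the two calculations agree, which is why the defect only surfaces once the plaintext contains multi-byte characters. A regression test for the padding code should therefore include non-ASCII input.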