VirtueMart Forum

VirtueMart 2 + 3 + 4 => Virtuemart Development and bug reports => Topic started by: ssc3 on May 27, 2016, 10:13:48 AM

Title: Keys containing double quotes break vmcrypt
Post by: ssc3 on May 27, 2016, 10:13:48 AM
Joomla 3.51 and Virtuemart 3.0.16

php 5.6 and php 7

The following key file breaks vmcrypt

///////////////////////////////////////////////////////////

;<?php die(); */
                        [keys]
                        key = "‡a†Ê¨ÖÁÏ׌ª    ‰FZäÄ""
                        unixtime = "1464293091"
                        date = "2016-05-26 20:04:51"
                        b64 = "0"
                        size = "24"
                        ; */ ?>

///////////////////////////////////////////////////////////////

The key contains an extra double quote "

key = "‡a†Ê¨ÖÁÏ׌ª    ‰FZäÄ""

If you have a Windows server, keys with carriage returns also have the same effect

key = "‘Wi×hs=
‚È®Úüwò‘"R«ë"
                       
The key file itself is using line feeds as end of line markers

A temporary solution is to delete the key file and force a new key file to be generated.

Keep on doing this until a key without carriage returns or double quotes is created.

A more permanent solution would be to save the key with base64 encoding.
Title: Re: Keys containing double quotes break vmcrypt
Post by: Milbo on May 27, 2016, 11:08:03 AM
Thank you for the report, the explanation and the idea of how to fix it. My problem now is: how to update? We could force the system to generate a new key when updating.

Or I remove the " and any control sign in the keygenerator, easier for BC.

Or a check for the length and when it has doubled size => base64_decode. Hmmmm
Title: Re: Keys containing double quotes break vmcrypt
Post by: ssc3 on May 30, 2016, 17:40:04 PM
vmcrypt reads the key file using parse_ini_file which gives an error,

but since the key file is always saved in the following order

key
unixtime
date
b64
size

You might be able to use regex to extract the key. It should work with keys containing double quotes,
so they would be need to generate new keys.
Title: Re: Keys containing double quotes break vmcrypt
Post by: Milbo on May 30, 2016, 18:34:08 PM
Actually we can also just generate a new key, the system works automatically with multikeys.
Title: Re: Keys containing double quotes break vmcrypt
Post by: ssc3 on May 30, 2016, 19:07:02 PM
As long as you do not have to retrieve data saved with the old key, then that would work.
Title: Re: Keys containing double quotes break vmcrypt
Post by: Milbo on May 30, 2016, 19:32:22 PM
Quote from: Milbo on May 27, 2016, 11:08:03 AM
Thank you for the report, the explanation and the idea of how to fix it. My problem now is: how to update? We could force the system to generate a new key when updating.

Or I remove the " and any control sign in the keygenerator, easier for BC.

Or a check for the length and when it has doubled size => base64_decode. Hmmmm
Quote from: Milbo on May 30, 2016, 18:34:08 PM
Actually we can also just generate a new key, the system works automatically with multikeys.

So we could just add the base64_decode, when the length fits. I think that is the most simple solution.
Title: Re: Keys containing double quotes break vmcrypt
Post by: Milbo on May 30, 2016, 19:33:30 PM
Even better, I just noticed we note as a value whether it is an encoded key.
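
The base64 approach discussed in this thread, as an added example that is not part of the original posts or VirtueMart's own code: it writes a key file in the layout shown in the first post, once with the raw key and once base64-encoded with the b64 flag set, and reports whether the key survives a parse_ini_string round trip. The function names renderKeyFile and loadKey and the sample key are assumptions made for this illustration.

```php
<?php
// Added illustration; function names are hypothetical, not VirtueMart's API.
// Field names (key, unixtime, date, b64, size) follow the key file in the thread.

/** Render a key file body; with $b64 = true the key is stored base64-encoded. */
function renderKeyFile(string $rawKey, bool $b64): string
{
    $stored = $b64 ? base64_encode($rawKey) : $rawKey;
    return "[keys]\n"
        . 'key = "' . $stored . "\"\n"
        . 'unixtime = "' . time() . "\"\n"
        . 'date = "' . date('Y-m-d H:i:s') . "\"\n"
        . 'b64 = "' . ($b64 ? '1' : '0') . "\"\n"
        . 'size = "' . strlen($rawKey) . "\"\n";
}

/** Parse a key file body; return the raw key, or null if it cannot be recovered. */
function loadKey(string $ini): ?string
{
    // Warnings are suppressed so a syntax error surfaces as a false return value.
    $data = @parse_ini_string($ini, true);
    if ($data === false
        || !isset($data['keys']['key'], $data['keys']['b64'], $data['keys']['size'])) {
        return null;
    }
    $k = $data['keys'];
    // Strict decoding rejects characters outside the base64 alphabet.
    $key = $k['b64'] === '1' ? base64_decode($k['key'], true) : $k['key'];
    // Reject a key whose length does not match the recorded size.
    if ($key === false || strlen($key) !== (int) $k['size']) {
        return null;
    }
    return $key;
}

// Constructed 24-byte sample key containing a double quote and a carriage return.
$rawKey = "\x87a\x86\xCA\"\xD6\r\xCF" . str_repeat("\xAA", 16);

foreach ([false, true] as $b64) {
    $loaded = loadKey(renderKeyFile($rawKey, $b64));
    printf("b64=%d round trip: %s\n", (int) $b64, $loaded === $rawKey ? 'ok' : 'FAILED');
}
```

Comparing the decoded length against the stored size value catches a truncated or mangled key before it is used for encryption or decryption.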