From 9afc6b10101dc49cf5d3913a95f11eda03445403 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?=
Date: Thu, 31 Aug 2023 16:19:12 +0200
Subject: [PATCH] Fix #516: Fix possible null dereference in ClientEciesEncryptor (#517)
---
 .../encryptor/ecies/ClientEciesEncryptor.java | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/ClientEciesEncryptor.java b/powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/ClientEciesEncryptor.java
index 631f228da..a7eb39543 100644
--- a/powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/ClientEciesEncryptor.java
+++ b/powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/ClientEciesEncryptor.java
@@ -149,11 +149,17 @@ public EncryptedRequest encryptRequest(byte[] data) throws EncryptorException {
 this.envelopeKey = envelopeKey;
 this.requestNonce = validator.isUseTimestamp() ? null : requestNonce;
+ final Base64.Encoder base64Encoder = Base64.getEncoder();
+ final EciesCryptogram eciesCryptogram = eciesPayload.getCryptogram();
+ if (eciesCryptogram == null) {
+ throw new EncryptorException("The cryptogram value is null.");
+ }
+
 return new EncryptedRequest(
- Base64.getEncoder().encodeToString(eciesPayload.getCryptogram().getEphemeralPublicKey()),
- Base64.getEncoder().encodeToString(eciesPayload.getCryptogram().getEncryptedData()),
- Base64.getEncoder().encodeToString(eciesPayload.getCryptogram().getMac()),
- validator.isUseNonceForRequest() ? Base64.getEncoder().encodeToString(requestNonce) : null,
+ base64Encoder.encodeToString(eciesCryptogram.getEphemeralPublicKey()),
+ base64Encoder.encodeToString(eciesCryptogram.getEncryptedData()),
+ base64Encoder.encodeToString(eciesCryptogram.getMac()),
+ validator.isUseNonceForRequest() ? base64Encoder.encodeToString(requestNonce) : null,
 requestTimestamp
 );
 }
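Review bot: The new null check on `eciesCryptogram` runs after `this.envelopeKey` and `this.requestNonce` have already been assigned, so when it throws, the encryptor keeps an envelope key and nonce for a request that was never returned to the caller. Resolving the cryptogram and checking it before those two assignments would leave the instance unchanged on failure, assuming `eciesPayload` is already built at that point (the hunk does not show where it is created). Separately, `base64Encoder.encodeToString(...)` throws a NullPointerException on a null array, so if `getEphemeralPublicKey()`, `getEncryptedData()` or `getMac()` can return null, the original symptom remains one level down; whether they can is not visible here. encryptRequest starts above the hunk.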
@@ -174,9 +180,10 @@ public byte[] decryptResponse(EncryptedResponse response) throws EncryptorExcept
 throw new EncryptorException("Invalid encrypted response object");
 }
- final byte[] mac = Base64.getDecoder().decode(response.getMac());
- final byte[] encryptedData = Base64.getDecoder().decode(response.getEncryptedData());
- final byte[] responseNonce = validator.isUseTimestamp() ? Base64.getDecoder().decode(response.getNonce()) : requestNonce;
+ final Base64.Decoder base64Decoder = Base64.getDecoder();
+ final byte[] mac = base64Decoder.decode(response.getMac());
+ final byte[] encryptedData = base64Decoder.decode(response.getEncryptedData());
+ final byte[] responseNonce = validator.isUseTimestamp() ? base64Decoder.decode(response.getNonce()) : requestNonce;
 final Long responseTimestamp = validator.isUseTimestamp() ? response.getTimestamp() : null;
 // Build sharedInfo2 with parameters received from the request.
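Review bot: The three `base64Decoder.decode(...)` calls parse fields of a received response, and `Base64.Decoder.decode` throws an unchecked IllegalArgumentException on malformed input, so a corrupted or tampered response leaves decryptResponse as a runtime exception instead of the declared EncryptorException. Catching it around the decodes and rethrowing as EncryptorException keeps the failure on the path callers already handle; attach the caught exception as the cause if EncryptorException has a constructor for it (only the message-only form is visible on this page). The same calls throw NullPointerException on a null field; the guard above the hunk may already rule that out, but its condition is not shown. decryptResponse starts above the hunk and continues below it.

```java
final Base64.Decoder base64Decoder = Base64.getDecoder();
final byte[] mac;
final byte[] encryptedData;
final byte[] responseNonce;
try {
    mac = base64Decoder.decode(response.getMac());
    encryptedData = base64Decoder.decode(response.getEncryptedData());
    responseNonce = validator.isUseTimestamp() ? base64Decoder.decode(response.getNonce()) : requestNonce;
} catch (IllegalArgumentException e) {
    // Malformed Base64 in the response is reported through the method's declared exception type.
    throw new EncryptorException("Invalid Base64 value in encrypted response");
}
// … unchanged: responseTimestamp and sharedInfo2 construction …
```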