When receiving an empty string, aes_decrypt produces the following warning.

warning: mdecrypt_generic() [function.mdecrypt-generic]: An empty string was passed in .../sites/all/modules/contrib/aes/aes.module on line 762.

Using isset() instead of empty() on line 696 of aes.module fixes the issue.

#3 base64decodefirst-1218566-3.patch703 bytesdan_lennox


dan_lennox’s picture

new516 bytes

Patch supplied.

dan_lennox’s picture

OK this is still an issue but my fix is completely wrong.

dan_lennox’s picture

new703 bytes

Actual issue was being caused by $string = base64_decode($string); being called after the test for "empty" instead of before. Patch supplied.

easyfit’s picture

I'll leave it to lee20 to apply the patch, but I just want to say nice catch and thanks for looking into this! It's been a standing issue for some time

dan_lennox’s picture

No worries. Thanks for the handy module!

dan_lennox’s picture

Status:Active» Needs review

Whoops forgot to change status.

EvanDonovan’s picture

Issue tags:+7.x-1.6

Are you sure this is the correct fix? Seems counter-intuitive not to check first.

Also, tracking for 7.x.

EvanDonovan’s picture

dpovshed’s picture

Version:6.x-1.4» 7.x-1.x-dev
Issue summary:View changes
Issue tags:-7.x-1.6

If someone interested in having this fixed - please do code review.

Amaster123’s picture

After applying the patch, the warning still shows up, just with different text.. Now it says "Tried to decrypt an empty string.". After applying the patch, the warning gets logged multiple times during each login. Any suggestions?

dpovshed’s picture

Status:Needs review» Needs work

@Amaster123, thank you for testing this!

  • dpovshed committed 93fbb1e on 7.x-1.x authored by dan_lennox
    Issue #1218566 by dan_lennox: aes_decrypt produces warning when...
dpovshed’s picture

Status:Needs work» Fixed

I checked patch in comment #3 and it worked fine to me to solve this minor problem.

Maybe I overlook somethhing and any of you have more sophisticated use-cases - feel free to report in details and reopen issue.

Patch was adopted and committed, thanks @dan_lennox !

Tested with code:

aes_decrypt(' ', FALSE);
aes_decrypt(' ', TRUE);
aes_decrypt('', FALSE);
aes_decrypt('', TRUE);

Status:Fixed» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.