Fix Get-DecryptedObject#10402
Conversation
Change LEN by DATALENGTH to avoid incorrect decryption when binary password or service master key values end with 0x20
|
@claude please review this pull request. |
|
Claude finished @andreasjordan's task in 1m 25s —— View job PR Review
SummaryThis PR fixes a subtle but real decryption bug in Fix AnalysisThe four changed -- BEFORE (wrong for binary ending in 0x20)
SUBSTRING(column, start, LEN(column) - n)
-- AFTER (correct - uses actual byte length)
SUBSTRING(column, start, DATALENGTH(column) - n)The four fixed locations:
The fix is correct. Minor ObservationLine 115 still uses WHERE LEN(syslnklgns.pwdhash) > 0This is a filter predicate (exclude empty/NULL rows), not a SUBSTRING length, so it does not contribute to the decryption bug. In theory, if For consistency, this could be updated to Code Style / CLAUDE.md Compliance
VerdictApprove. The fix is technically sound, well-scoped, and correctly targets the exact cause of the bug. The author's explanation in the PR description is accurate — |
andreasjordan
left a comment
There was a problem hiding this comment.
Thanks for reporting this bug and providing a fix.
|
Very nice bug fix, thank you again 🙏🏼 |
Change LEN by DATALENGTH to avoid incorrect decryption when binary password or service master key values end with 0x20
Type of Change
Invoke-ManualPester)Purpose
Correct a bug that almost never happen.
To make the bug happen, one of the folowing binary value must end with 0x20 :
These tables are only accessible with DAC connection