check iv length

Author: taylorotwell

src/Illuminate/Encryption/Encrypter.php

@@ -206,9 +206,8 @@ protected function getJsonPayload($payload)
      */
     protected function validPayload($payload)
     {
-        return is_array($payload) && isset(
-            $payload['iv'], $payload['value'], $payload['mac']
-        );
+        return is_array($payload) && isset($payload['iv'], $payload['value'], $payload['mac']) &&
+               strlen(base64_decode($payload['iv'], true)) === openssl_cipher_iv_length($this->cipher);
     }
 
     /**

tests/Encryption/EncrypterTest.php

@@ -102,4 +102,19 @@ public function testExceptionThrownWithDifferentKey()
         $b = new Encrypter(str_repeat('b', 16));
         $b->decrypt($a->encrypt('baz'));
     }
+
+    /**
+     * @expectedException \Illuminate\Contracts\Encryption\DecryptException
+     * @expectedExceptionMessage The payload is invalid.
+     */
+    public function testExceptionThrownWhenIvIsTooLong()
+    {
+        $e = new Encrypter(str_repeat('a', 16));
+        $payload = $e->encrypt('foo');
+        $data = json_decode(base64_decode($payload), true);
+        $data['iv'] .= $data['value'][0];
+        $data['value'] = substr($data['value'], 1);
+        $modified_payload = base64_encode(json_encode($data));
+        $e->decrypt($modified_payload);
+    }
 }