Opened 4 years ago
Closed 2 years ago
#1485970 closed Bugs (fixed)
PHP Warning mcrypt_generic_init() / mdecrypt_generic()
| Reported by: | rosali | Owned by: | |
|---|---|---|---|
| Priority: | 5 | Milestone: | 0.5-stable |
| Component: | PHP backend | Version: | git-master |
| Severity: | normal | Keywords: | |
| Cc: |
Description
I get randomly the following error log entries:
[10-Jul-2009 01:25:53] PHP Warning: mcrypt_generic_init() [<a href='function.mcrypt-generic-init'>function.mcrypt-generic-init</a>]: Iv size incorrect; supplied length: 0, needed: 8 in C:\xampp\htdocs\webmail\dev\program\include\rcmail.php on line 940
[10-Jul-2009 01:25:53] PHP Warning: mdecrypt_generic() [<a href='function.mdecrypt-generic'>function.mdecrypt-generic</a>]: An empty string was passed in C:\xampp\htdocs\webmail\dev\program\include\rcmail.php on line 941
Attachments (1)
Change History (10)
comment:1 follow-up: ↓ 2 Changed 4 years ago by alec
- Component changed from Core functionality to PHP backend
comment:2 in reply to: ↑ 1 Changed 4 years ago by rosali
Replying to alec:
When this happen? If you use any plugins disable them. This could happen when password stored in session is empty. If so, we can add a check to not decrypt empty password/string.
I can't reproduce it. I just see it randomly in my logs. It was already there when I used 0.2.1 and it still there with current SVN. So, I don't believe it's one of my plugins for 0.3.
I suggest to just check if $cipher is emty in rmail::decrypt and if so, return "".
comment:3 Changed 4 years ago by alec
- Resolution set to fixed
- Status changed from new to closed
Fixed in [713a66fc].
comment:4 Changed 3 years ago by lacri
- Resolution fixed deleted
- Status changed from closed to reopened
i have the same warning with the current trunk.
[26-Jul-2010 08:57:52] PHP Warning: mcrypt_generic_init() [function.mcrypt-generic-init]: Iv size incorrect; supplied length: 5, needed: 8
rcmail.php
mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
[26-Jul-2010 08:57:52] PHP Warning: mdecrypt_generic() [function.mdecrypt-generic]: An empty string was passed
rcmail.php
$clear = mdecrypt_generic($td, $cipher);
comment:6 Changed 3 years ago by lacri
PHP Version 5.2.13-pl0-gentoo
comment:7 Changed 2 years ago by dennylin93
I have also seen similar errors (only twice though):
PHP Warning: mcrypt_generic_init(): Iv size incorrect; supplied length: 5, needed: 8 in /home/www/mail/program/include/rcmail.php on line 1130
PHP Warning: mdecrypt_generic(): An empty string was passed in /home/ www/mail/program/include/rcmail.php on line 1131
Using Roundcube 0.4.2 and PHP 5.3.3.
Changed 2 years ago by dennylin93
comment:8 Changed 2 years ago by dennylin93
Can someone check this patch? It checks the IV length and returns an empty string if the length doesn't match.
comment:9 Changed 2 years ago by alec
- Resolution set to fixed
- Status changed from reopened to closed
Fixed in [9016a84f].
When this happen? If you use any plugins disable them. This could happen when password stored in session is empty. If so, we can add a check to not decrypt empty password/string.