Validate rand key length before 3des operations

Signed-off-by: Sean Du <do4suki@gmail.com>
This commit is contained in:
2026-04-28 11:44:56 +08:00
parent 666388a5ed
commit ae847f5e29
6 changed files with 41 additions and 11 deletions
+10 -2
View File
@@ -2,6 +2,7 @@ package basic
import (
"encoding/base64"
"errors"
"fmt"
"honoka-chan/internal/router"
ghomeschema "honoka-chan/internal/schema/ghome"
@@ -31,13 +32,20 @@ func handshake(ctx *gin.Context) {
decryptedData := encrypt.RSADecrypt(data)
params, _ := url.ParseQuery(string(decryptedData))
params, err := url.ParseQuery(string(decryptedData))
if ss.CheckErr(err) {
return
}
randKey := params.Get("randkey")
if len(randKey) < 24 {
ss.Abort(errors.New("invalid rand key"))
return
}
ss.SetRandKey(randKey)
token := fmt.Sprintf(`{"message":"ok","result":0,"token":"%s"}`, strings.ToUpper(honokautils.RandomStr(33)))
encryptedToken, err := openssl.Des3ECBEncrypt([]byte(token), []byte(randKey)[0:24], openssl.PKCS7_PADDING)
encryptedToken, err := openssl.Des3ECBEncrypt([]byte(token), []byte(randKey[:24]), openssl.PKCS7_PADDING)
if ss.CheckErr(err) {
return
}