Skip to content

[stable34] fix(security): don't propagate ValueError from Crypto::decrypt() fallback#61105

Merged
AndyScherzinger merged 1 commit into
stable34from
backport/60735/stable34
Jun 17, 2026
Merged

[stable34] fix(security): don't propagate ValueError from Crypto::decrypt() fallback#61105
AndyScherzinger merged 1 commit into
stable34from
backport/60735/stable34

Conversation

@backportbot

@backportbot backportbot Bot commented Jun 9, 2026

Copy link
Copy Markdown

Backport of PR #60735

…back

When decrypting a v3 ciphertext with a mismatched secret, the first
attempt throws an Exception (HMAC mismatch). The fallback then calls
decryptWithoutSecret() with an empty string, which causes hash_hkdf()
to throw a ValueError. Since ValueError extends \Error rather than
\Exception, it bypassed the catch block and propagated as an unhandled
error, crashing the whole request.

Wrap the fallback in its own try/catch(\Throwable) and rethrow the
original Exception so callers get a meaningful HMAC mismatch error.

Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@backportbot backportbot Bot requested a review from a team as a code owner June 9, 2026 13:15
@backportbot backportbot Bot requested review from Altahrim, CarlSchwan, come-nc, leftybournes, miaulalala, nickvergessen and salmart-dev and removed request for a team June 9, 2026 13:15
@backportbot backportbot Bot added this to the Nextcloud 34.0.1 milestone Jun 9, 2026
@AndyScherzinger AndyScherzinger merged commit 15db395 into stable34 Jun 17, 2026
187 of 203 checks passed
@AndyScherzinger AndyScherzinger deleted the backport/60735/stable34 branch June 17, 2026 21:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment