MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-11-09 05:34:54 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fixed GCM cookie decoding authtag.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire
2020-05-03 14:12:26 -07:00
parent 34dde3f658
commit 43c8567b0d
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meshcentral.js
View File

@@ -2236,7 +2236,7 @@ function CreateMeshCentralServer(config, args) {
if (key == null) { key = obj.serverKey; }
cookie = Buffer.from(cookie.replace(/\@/g, '+').replace(/\$/g, '/'), obj.args.cookieencoding ? obj.args.cookieencoding : 'base64');
const decipher = obj.crypto.createDecipheriv('aes-256-gcm', key.slice(0, 32), cookie.slice(0, 12));
decipher.setAuthTag(cookie.slice(12, 16));
decipher.setAuthTag(cookie.slice(12, 28));
const o = JSON.parse(decipher.update(cookie.slice(28), 'binary', 'utf8') + decipher.final('utf8'));
if ((o.time == null) || (o.time == null) || (typeof o.time != 'number')) { obj.debug('cookie', 'ERR: Bad cookie due to invalid time'); return null; }
o.time = o.time * 1000; // Decode the cookie creation time