MAGETWO-96983: M2.3 – Sodium crypto adapter errors on unexpected input

Sergey Shvets · Sergey Shvets · commit 50538c697279 · 2019-01-31T13:25:53.000+02:00
diff --git a/lib/internal/Magento/Framework/Encryption/Adapter/SodiumChachaIetf.php b/lib/internal/Magento/Framework/Encryption/Adapter/SodiumChachaIetf.php
@@ -59,12 +59,16 @@ public function decrypt(string $data): string
         $nonce = mb_substr($data, 0, SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES, '8bit');
         $payload = mb_substr($data, SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES, null, '8bit');
 
-        $plainText = sodium_crypto_aead_chacha20poly1305_ietf_decrypt(
-            $payload,
-            $nonce,
-            $nonce,
-            $this->key
-        );
+        try {
+            $plainText = sodium_crypto_aead_chacha20poly1305_ietf_decrypt(
+                $payload,
+                $nonce,
+                $nonce,
+                $this->key
+            );
+        } catch (\SodiumException $e) {
+            $plainText = '';
+        }
 
         return $plainText !== false ? $plainText : '';
     }
