nextcloud/lib
Anna Larch 406cd72c34 fix(security): don't propagate ValueError from Crypto::decrypt() fallback
When decrypting a v3 ciphertext with a mismatched secret, the first
attempt throws an Exception (HMAC mismatch). The fallback then calls
decryptWithoutSecret() with an empty string, which causes hash_hkdf()
to throw a ValueError. Since ValueError extends \Error rather than
\Exception, it bypassed the catch block and propagated as an unhandled
error, crashing the whole request.

Wrap the fallback in its own try/catch(\Throwable) and rethrow the
original Exception so callers get a meaningful HMAC mismatch error.

Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-09 13:14:53 +00:00
..
composer feat: add permissions mask variant that only masks one directory 2026-04-09 23:54:51 +00:00
l10n fix(l10n): Update translations from Transifex 2026-06-06 00:23:18 +00:00
private fix(security): don't propagate ValueError from Crypto::decrypt() fallback 2026-06-09 13:14:53 +00:00
public docs(ocp): Add since tag 2026-06-02 20:12:54 +02:00
unstable fix(lexicon): missing doc 2025-07-24 15:56:35 -01:00
base.php fix: add user id header when redirecting to default app 2026-02-19 14:28:07 +00:00
versioncheck.php feat(PHP): Allow PHP 8.4 2024-11-08 12:59:12 +01:00