From 12dac83fd3963007f52944b14267a6d6150f7bff Mon Sep 17 00:00:00 2001
From: Herbert Poul <herbert@poul.at>
Date: Wed, 4 Sep 2019 22:32:02 +0200
Subject: [PATCH] fix detecting of invalid password vs. invalid byte stream.

---
 lib/src/kdbx_format.dart | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/lib/src/kdbx_format.dart b/lib/src/kdbx_format.dart
index a7de59e..5603e7c 100644
--- a/lib/src/kdbx_format.dart
+++ b/lib/src/kdbx_format.dart
@@ -305,19 +305,27 @@ class KdbxFormat {
         ParametersWithIV(KeyParameter(masterKey), encryptionIv.asUint8List()));
     final paddedDecrypted =
         AesHelper.processBlocks(decryptCipher, encryptedPayload);
-    final decrypted = AesHelper.unpad(paddedDecrypted);
 
     final streamStart = header.fields[HeaderFields.StreamStartBytes].bytes;
 
+    if (paddedDecrypted.lengthInBytes < streamStart.lengthInBytes) {
+      _logger.warning('decrypted content was shorter than expected stream start block.');
+      throw KdbxInvalidKeyException();
+    }
+
     _logger.finest(
         'streamStart: ${ByteUtils.toHexList(streamStart.asUint8List())}');
     _logger.finest(
-        'actual     : ${ByteUtils.toHexList(decrypted.sublist(0, streamStart.lengthInBytes))}');
+        'actual     : ${ByteUtils.toHexList(paddedDecrypted.sublist(0, streamStart.lengthInBytes))}');
+
 
     if (!ByteUtils.eq(streamStart.asUint8List(),
-        decrypted.sublist(0, streamStart.lengthInBytes))) {
+        paddedDecrypted.sublist(0, streamStart.lengthInBytes))) {
       throw KdbxInvalidKeyException();
     }
+
+    final decrypted = AesHelper.unpad(paddedDecrypted);
+
     // ignore: unnecessary_cast
     final content = decrypted.sublist(streamStart.lengthInBytes) as Uint8List;
     return content;