Fix division by zero

tvlooy · chalasr · commit ac64013bba1c · 2022-05-11T18:54:42.000+02:00
diff --git a/CsrfTokenManager.php b/CsrfTokenManager.php
@@ -134,6 +134,9 @@ private function derandomize(string $value): string
             return $value;
         }
         $key = base64_decode(strtr($parts[1], '-_', '+/'));
+        if ('' === $key || false === $key) {
+            return $value;
+        }
         $value = base64_decode(strtr($parts[2], '-_', '+/'));
 
         return $this->xor($value, $key);
diff --git a/Tests/CsrfTokenManagerTest.php b/Tests/CsrfTokenManagerTest.php
@@ -193,6 +193,26 @@ public function testNonExistingTokenIsNotValid($namespace, $manager, $storage)
         $this->assertFalse($manager->isTokenValid(new CsrfToken('token_id', 'FOOBAR')));
     }
 
+    public function testTokenShouldNotTriggerDivisionByZero()
+    {
+        [$generator, $storage] = $this->getGeneratorAndStorage();
+        $manager = new CsrfTokenManager($generator, $storage);
+
+        // Scenario: the token that was returned is abc.def.ghi, and gets modified in the browser to abc..ghi
+
+        $storage->expects($this->once())
+            ->method('hasToken')
+            ->with('https-token_id')
+            ->willReturn(true);
+
+        $storage->expects($this->once())
+            ->method('getToken')
+            ->with('https-token_id')
+            ->willReturn('def');
+
+        $this->assertFalse($manager->isTokenValid(new CsrfToken('token_id', 'abc..ghi')));
+    }
+
     /**
      * @dataProvider getManagerGeneratorAndStorage
      */

Original file line number	Diff line number	Diff line change
`@@ -134,6 +134,9 @@ private function derandomize(string $value): string`
`134`	`134`	`return $value;`
`135`	`135`	`}`
`136`	`136`	`$key = base64_decode(strtr($parts[1], '-_', '+/'));`
	`137`	`+ if ('' === $key \|\| false === $key) {`
	`138`	`+ return $value;`
	`139`	`+ }`
`137`	`140`	`$value = base64_decode(strtr($parts[2], '-_', '+/'));`
`138`	`141`
`139`	`142`	`return $this->xor($value, $key);`