Bug 768112 – ValueError: String can't be PCKS7-padded in the mock service

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 768112 - ValueError: String can't be PCKS7-padded in the mock service


Summary:	ValueError: String can't be PCKS7-padded in the mock service


Status:	RESOLVED FIXED

Product:	libsecret
Classification:	Other
Component:	General
Version:	0.18.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	libsecret maintainer(s)
QA Contact:	libsecret maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-06-27 19:54 UTC by Dmitry Shachnev
Modified:	2017-11-07 14:46 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
mock: Pad the common secret with zero bytes to make it exactly 128 bytes long (974 bytes, patch) 2017-10-08 18:37 UTC, Dmitry Shachnev	accepted-commit_now	Details \| Review

Description Dmitry Shachnev 2016-06-27 19:54:46 UTC

Hi,

I'm (mis)using libsecret's mock service for testing my own code on Travis. It usually works OK, but in some rare case I get this error:

python3 ./libsecret/libsecret/mock-service-normal.py
Traceback (most recent call last):

+ Trace 236396

File "/usr/lib/python3/dist-packages/dbus/service.py", line 707 in _message_cb
```
retval = candidate_method(self, *args, **keywords)
```
File "./libsecret/libsecret/mock/service.py", line 390 in CreateItem
```
(secret, content_type) = session.decode_secret(value)
```
File "./libsecret/libsecret/mock/service.py", line 172 in decode_secret
```
plain = self.algorithm.decrypt(self.key, value[1], value[2])
```
File "./libsecret/libsecret/mock/service.py", line 108 in decrypt
```
return aes.strip_PKCS7_padding(decr)
```
File "./libsecret/libsecret/mock/aes.py", line 27 in strip_PKCS7_padding
```
raise ValueError("String ending with %r can't be PCKS7-padded" % s[-1])
```

ValueError: String ending with 22 can't be PCKS7-padded


I think I just got this error for a second or third time. This time it happened when calling CreateItem method on a collection interface.

I don't know much about mock code but I suspect it may be wrong handling of cases where first/last byte of a key is zero (in this case the error will happen approx. one time of 256).

Comment 1 Dmitry Shachnev 2017-10-08 18:37:28 UTC

Created attachment 361147 [details] [review]
mock: Pad the common secret with zero bytes to make it exactly 128 bytes long

I finally found some time to debug this. It happens because the mock implementation does not pad the common DH secret with zero bytes, but my module and libsecret’s own C code do it:

https://git.gnome.org/browse/libsecret/tree/egg/egg-dh.c#n340

Attaching a patch to fix this.

Comment 2 Dmitry Shachnev 2017-11-07 10:21:15 UTC

Stef: any chance you can commit this patch?

Comment 3 Stef Walter 2017-11-07 14:19:51 UTC

Review of attachment 361147 [details] [review]:

Looks good to me!

Comment 4 Dmitry Shachnev 2017-11-07 14:22:04 UTC

Please push, I do not have rights :(

Comment 5 Stef Walter 2017-11-07 14:46:05 UTC

Merged to git master.