From: Markus Triska <triska@metalevel.at>
Date: Mon, 18 May 2020 11:28:52 +0000 (+0200)
Subject: stronger validation of input lists for cryptographic routines
X-Git-Tag: v0.8.123~17^2
X-Git-Url: https://git.sagredo.dev/?a=commitdiff_plain;h=a423eb53237a01e468796ac3900e9fb4ae826811;p=scryer-prolog.git

stronger validation of input lists for cryptographic routines

Example:

    ?- crypto_data_hkdf(Var, 32, Bs, []).
    caught: error(instantiation_error,must_be/2)

Reported by @notoria in #527. Many thanks!
---

diff --git a/src/prolog/lib/crypto.pl b/src/prolog/lib/crypto.pl
index 12c5b73b..909127d4 100644
--- a/src/prolog/lib/crypto.pl
+++ b/src/prolog/lib/crypto.pl
@@ -597,12 +597,14 @@ crypto_data_decrypt(CipherText0, Algorithm, Key, IV, PlainText, Options) :-
         '$crypto_data_decrypt'(CipherText, Key, IV, Encoding, PlainText).
 
 encoding_bytes(octet, Bs0, Bs) :-
+        must_be(list, Bs0),
         (   maplist(integer, Bs0) ->
             Bs0 = Bs
         ;   maplist(char_code, Bs0, Bs)
         ),
         must_be_bytes(Bs, crypto_encoding).
 encoding_bytes(utf8, Cs, Bs) :-
+        must_be(list, Cs),
         (   maplist(atom, Cs) ->
             chars_bytes_(Cs, Bs, crypto_encoding)
         ;   domain_error(encryption_encoding, Cs, crypto)