From 821559d0ebbc08c089147822b5be0dfa6ebdda9a Mon Sep 17 00:00:00 2001
From: Toshiaki Asai
Date: Sun, 7 Aug 2016 09:40:16 +0900
Subject: アカウント情報を暗号化するキーの長さが誤っている refs #842
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 core/service_keeper.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/core/service_keeper.rb b/core/service_keeper.rb
index cdf18faf..6506d27c 100644
--- a/core/service_keeper.rb
+++ b/core/service_keeper.rb
@@ -10,12 +10,14 @@ class Service
 module SaveData
 ACCOUNT_FILE = File.join(Environment::SETTINGDIR, 'core', 'token').freeze
 ACCOUNT_TMP = (ACCOUNT_FILE + ".write").freeze
+ ACCOUNT_CRYPT_KEY_LEN = 16
 extend SaveData
 @@service_lock = Monitor.new
 def key
- UserConfig[:account_crypt_key] ||= SecureRandom.hex end
+ key = UserConfig[:account_crypt_key] ||= SecureRandom.random_bytes(ACCOUNT_CRYPT_KEY_LEN)
+ key[0, ACCOUNT_CRYPT_KEY_LEN] end
 # 全てのアカウント情報をオブジェクトとして返す
 # ==== Return
@@ -113,6 +115,7 @@ class Service
 def encrypt(str)
 cipher = OpenSSL::Cipher.new('bf-ecb').encrypt
+ cipher.key_len = ACCOUNT_CRYPT_KEY_LEN
 cipher.key = key
 cipher.update(str) << cipher.final end
-- cgit v1.2.3
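Review bot: `key[0, ACCOUNT_CRYPT_KEY_LEN]` in `key` slices by characters rather than bytes, so it only yields 16 bytes while the stored string is binary or ASCII; `key.byteslice(0, ACCOUNT_CRYPT_KEY_LEN)` states the intent and stays correct if UserConfig returns the value tagged with a multibyte encoding (how UserConfig serialises the binary output of `SecureRandom.random_bytes` is not visible here, so that round trip is worth confirming). For configs that already hold a `SecureRandom.hex` value, the truncation keeps the first 16 hex characters, which is roughly 64 bits of entropy rather than 128. A comment above the slice such as `# legacy keys are 32 hex chars; only the first 16 bytes are used as the Blowfish key` would record why the truncation exists, and re-keying legacy installs could be tracked separately.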
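Review bot: `cipher.key_len = ACCOUNT_CRYPT_KEY_LEN` is added to `encrypt` only; the matching decrypt path is not part of this diff, so if it still assigns `cipher.key = key` without setting `key_len`, it depends on OpenSSL's default Blowfish key length happening to equal the constant. Setting `key_len` in both directions, or building the cipher in one shared helper, keeps the two from drifting if the constant ever changes. Separately, the unchanged `'bf-ecb'` line means equal plaintext blocks encrypt to equal ciphertext blocks and the token file carries no integrity check; moving to an authenticated mode is a larger change than this fix, but a `# TODO` on that line would keep it visible.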