Fix #2473: Switch to using a separate code path for py2 or py3

for the plaintext length indicator field. Py2.7 cannot encode code points > 128 so fall back to chr(code_point) without the "encode()" attribute when Python 2.x is detected. This does not change the existing decrypt/unpad code paths. So whatever is currently broken in the DB due to bug #2473 will remain broken.
2025-08-09 00:58:16 -06:00 · 2018-10-19 14:12:33 -04:00 · 2018-10-19 14:12:33 -04:00 · 21b75fe4dd
commit 21b75fe4dd
parent 11b85e5247
1 changed files with 10 additions and 3 deletions
--- a/netbox/secrets/models.py
+++ b/netbox/secrets/models.py
@ -1,6 +1,7 @@
 from __future__ import unicode_literals

 import os
+import sys

 from Crypto.Cipher import AES, PKCS1_OAEP
 from Crypto.PublicKey import RSA
@ -399,10 +400,16 @@ class Secret(ChangeLoggedModel, CustomFieldModel):
            pad_length = 16 - ((len(s) + 2) % 16)
        else:
            pad_length = 0
+
+        if sys.version_info[0] < 3:
+            b1 = chr(len(s) >> 8)
+            b2 = chr(len(s) % 256)
+        else:
+            b1 = chr(len(s) >> 8).encode('latin-1')
+            b2 = chr(len(s) % 256).encode('latin-1')
+
        return (
-            chr(len(s) >> 8).encode('latin-1') +
-            chr(len(s) % 256).encode('latin-1') +
-            s +
+            b1 + b2 + s +
            os.urandom(pad_length)
        )