From f04e5fbed6a572bb68482f757d76332918df2070 Mon Sep 17 00:00:00 2001
From: SomberNight <somber.night@protonmail.com>
Date: Thu, 22 Nov 2018 18:21:19 +0100
Subject: [PATCH] crypto: fix pkcs7 padding check

related: ricmoo/pyaes#22

in practice, the only strings we would incorrectly accept are
(certain length of) all zero bytes
---
 electrum/crypto.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/electrum/crypto.py b/electrum/crypto.py
index 345fbd85a..038caafce 100644
--- a/electrum/crypto.py
+++ b/electrum/crypto.py
@@ -55,8 +55,8 @@ def strip_PKCS7_padding(data: bytes) -> bytes:
     if len(data) % 16 != 0 or len(data) == 0:
         raise InvalidPadding("invalid length")
     padlen = data[-1]
-    if padlen > 16:
-        raise InvalidPadding("invalid padding byte (large)")
+    if not (0 < padlen <= 16):
+        raise InvalidPadding("invalid padding byte (out of range)")
     for i in data[-padlen:]:
         if i != padlen:
             raise InvalidPadding("invalid padding byte (inconsistent)")