Origin: http://quickgit.kde.org/?p=konversation.git&a=commit&h=1f55cee8b3d0956adc98834f7b5832e48e077ed7
Bug: https://bugs.kde.org/show_bug.cgi?id=210792
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768191
Description: Do a bounds check on ECB blocks.
    Backport fix for CVE-2014-8483
    https://security-tracker.debian.org/tracker/CVE-2014-8483
    .
    Blindly assuming they're the expected 12 chars can lead to a crash
    on malformed input.
    .
    Original patch by Manuel Nickschas for Quassel, who incorporated
    the original Konversation code into Quassel in 2009.

--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -353,8 +353,12 @@
         }
         else
         {
+        // ECB Blowfish encodes in blocks of 12 chars, so anything else is malformed input
+        if ((temp.length() % 12) != 0)
+            return cipherText;
+
             temp = b64ToByte(temp);
-            while((temp.length() % 8) != 0) temp.append('\0');
+            while ((temp.length() % 8) != 0) temp.append('\0');
         }
 
         QCA::Direction dir = (direction) ? QCA::Encode : QCA::Decode;
@@ -362,11 +366,17 @@
         QByteArray temp2 = cipher.update(QCA::MemoryRegion(temp)).toByteArray();
         temp2 += cipher.final().toByteArray();
 
-        if(!cipher.ok())
+        if (!cipher.ok())
             return cipherText;
 
-        if(direction)
+        if (direction)
+        {
+            // Sanity check
+            if ((temp2.length() % 8) != 0)
+                return cipherText;
+
             temp2 = byteToB64(temp2);
+        }
 
         return temp2;
     }