From dd61ec5c3f9ec4b49f337e111d50ff17d73873d2 Mon Sep 17 00:00:00 2001 From: Cory Knox Date: Mon, 8 Sep 2025 14:41:55 -0700 Subject: [PATCH] (#3765) Don't try to decrypt null strings The DefaultEncryptionUtility attempts to decrypt a string without checking if the string is null or empty. This commit adds a check the same as in EncryptString whereby we return null if the input string is null or empty. --- .../infrastructure/cryptography/DefaultEncryptionUtility.cs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/chocolatey/infrastructure/cryptography/DefaultEncryptionUtility.cs b/src/chocolatey/infrastructure/cryptography/DefaultEncryptionUtility.cs index c4ee408a51..211e6b8314 100644 --- a/src/chocolatey/infrastructure/cryptography/DefaultEncryptionUtility.cs +++ b/src/chocolatey/infrastructure/cryptography/DefaultEncryptionUtility.cs @@ -61,6 +61,11 @@ This is can be because the machine keyfile cannot be written as a normal user. public string DecryptString(string encryptedString) { + if (string.IsNullOrEmpty(encryptedString)) + { + return null; + } + var encryptedByteArray = Convert.FromBase64String(encryptedString); byte[] decryptedByteArray;