diff --git a/src/format/KeePass2XmlReader.cpp b/src/format/KeePass2XmlReader.cpp
index 735d6a12a..101b23b3f 100644
--- a/src/format/KeePass2XmlReader.cpp
+++ b/src/format/KeePass2XmlReader.cpp
@@ -151,21 +151,30 @@ bool KeePass2XmlReader::parseKeePassFile()
{
Q_ASSERT(m_xml.isStartElement() && m_xml.name() == "KeePassFile");
- bool rootParsed = false;
+ bool rootElementFound = false;
+ bool rootParsedSuccesfully = false;
while (!m_xml.error() && m_xml.readNextStartElement()) {
if (m_xml.name() == "Meta") {
parseMeta();
}
else if (m_xml.name() == "Root") {
- rootParsed = parseRoot();
+ rootParsedSuccesfully = parseRoot();
+
+ if (rootElementFound) {
+ rootParsedSuccesfully = false;
+ raiseError(29);
+ }
+ else {
+ rootElementFound = true;
+ }
}
else {
skipCurrentElement();
}
}
- return rootParsed;
+ return rootParsedSuccesfully;
}
void KeePass2XmlReader::parseMeta()
@@ -423,7 +432,8 @@ bool KeePass2XmlReader::parseRoot()
{
Q_ASSERT(m_xml.isStartElement() && m_xml.name() == "Root");
- bool groupParsed = false;
+ bool groupElementFound = false;
+ bool groupParsedSuccesfully = false;
while (!m_xml.error() && m_xml.readNextStartElement()) {
if (m_xml.name() == "Group") {
@@ -432,7 +442,15 @@ bool KeePass2XmlReader::parseRoot()
Group* oldRoot = m_db->rootGroup();
m_db->setRootGroup(rootGroup);
delete oldRoot;
- groupParsed = true;
+ groupParsedSuccesfully = true;
+ }
+
+ if (groupElementFound) {
+ groupParsedSuccesfully = false;
+ raiseError(30);
+ }
+ else {
+ groupElementFound = true;
}
}
else if (m_xml.name() == "DeletedObjects") {
@@ -443,7 +461,7 @@ bool KeePass2XmlReader::parseRoot()
}
}
- return groupParsed;
+ return groupParsedSuccesfully;
}
Group* KeePass2XmlReader::parseGroup()
diff --git a/tests/TestKeePass2XmlReader.cpp b/tests/TestKeePass2XmlReader.cpp
index af075d7c4..186010c4d 100644
--- a/tests/TestKeePass2XmlReader.cpp
+++ b/tests/TestKeePass2XmlReader.cpp
@@ -370,6 +370,8 @@ void TestKeePass2XmlReader::testBroken_data()
QTest::newRow("BrokenNoGroupUuid") << "BrokenNoGroupUuid";
QTest::newRow("BrokenNoEntryUuid") << "BrokenNoEntryUuid";
QTest::newRow("BrokenNoRootGroup") << "BrokenNoRootGroup";
+ QTest::newRow("BrokenTwoRoots") << "BrokenTwoRoots";
+ QTest::newRow("BrokenTwoRootGroups") << "BrokenTwoRootGroups";
}
void TestKeePass2XmlReader::cleanupTestCase()
diff --git a/tests/data/BrokenTwoRootGroups.xml b/tests/data/BrokenTwoRootGroups.xml
new file mode 100644
index 000000000..b49865ae0
--- /dev/null
+++ b/tests/data/BrokenTwoRootGroups.xml
@@ -0,0 +1,13 @@
+
+
+
+
+ lmU+9n0aeESKZvcEze+bRg==
+ Test
+
+
+ AaUYVdXsI02h4T1RiAlgtg==
+ Test
+
+
+
diff --git a/tests/data/BrokenTwoRoots.xml b/tests/data/BrokenTwoRoots.xml
new file mode 100644
index 000000000..3808981f9
--- /dev/null
+++ b/tests/data/BrokenTwoRoots.xml
@@ -0,0 +1,15 @@
+
+
+
+
+ lmU+9n0aeESKZvcEze+bRg==
+ Test
+
+
+
+
+ AaUYVdXsI02h4T1RiAlgtg==
+ Test
+
+
+