Check XML key file for valid base64 before using it.
QByteArray::fromBase64() doesn't validate the input. Closes #366
parent
820941fd40
commit
2fa531745f
@ -160,6 +160,16 @@ bool isHex(const QByteArray& ba)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool isBase64(const QByteArray& ba)
|
||||
{
|
||||
QRegExp regexp("^(?:[a-z0-9+/]{4})*(?:[a-z0-9+/]{3}=|[a-z0-9+/]{2}==)?$",
|
||||
Qt::CaseInsensitive, QRegExp::RegExp2);
|
||||
|
||||
QString base64 = QString::fromLatin1(ba.constData(), ba.size());
|
||||
|
||||
return regexp.exactMatch(base64);
|
||||
}
|
||||
|
||||
void sleep(int ms)
|
||||
{
|
||||
Q_ASSERT(ms >= 0);
|
||||
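Review bot: `isBase64` carries no comment stating what it accepts, and the pattern as written also matches the empty string, since both groups are optional. If an empty value should count as invalid, add `if (ba.isEmpty()) { return false; }` ahead of the match. The expression rejects whitespace and line breaks as well, so a comment such as `// Strict padded base64 (RFC 4648 alphabet): whole 4-char groups, optional padded last group, no whitespace.` would record the contract for later callers.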
|
@ -35,6 +35,7 @@ bool readAllFromDevice(QIODevice* device, QByteArray& data);
|
||||
QDateTime currentDateTimeUtc();
|
||||
QString imageReaderFilter();
|
||||
bool isHex(const QByteArray& ba);
|
||||
bool isBase64(const QByteArray& ba);
|
||||
void sleep(int ms);
|
||||
void wait(int ms);
|
||||
QString platform();
|
||||
|
@ -211,7 +211,10 @@ QByteArray FileKey::loadXmlKey(QXmlStreamReader& xmlReader)
|
||||
while (!xmlReader.error() && xmlReader.readNextStartElement()) {
|
||||
if (xmlReader.name() == "Data") {
|
||||
// TODO: do we need to enforce a specific data.size()?
|
||||
data = QByteArray::fromBase64(xmlReader.readElementText().toLatin1());
|
||||
QByteArray rawData = xmlReader.readElementText().toLatin1();
|
||||
if (Tools::isBase64(rawData)) {
|
||||
data = QByteArray::fromBase64(rawData);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
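Review bot: When `Tools::isBase64(rawData)` is false the new branch skips the assignment and reports nothing, so a malformed `<Data>` element looks the same as a missing one. The outcome then depends on how the caller, outside this hunk, treats whatever `data` held before the loop. Because the check accepts no whitespace, a key file whose `<Data>` text has a trailing newline or indentation is now rejected, where `QByteArray::fromBase64()` tolerated it; if such files should keep loading, normalise first with `QByteArray rawData = xmlReader.readElementText().toLatin1().trimmed();`. The TODO about enforcing `data.size()` is still open, so a well-formed but very short value is still accepted as key material. loadXmlKey starts and ends outside the hunk.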
|
@ -113,6 +113,7 @@ void TestKeys::testFileKey_data()
|
||||
{
|
||||
QTest::addColumn<QString>("type");
|
||||
QTest::newRow("Xml") << QString("Xml");
|
||||
QTest::newRow("XmlBrokenBase64") << QString("XmlBrokenBase64");
|
||||
QTest::newRow("Binary") << QString("Binary");
|
||||
QTest::newRow("Hex") << QString("Hex");
|
||||
QTest::newRow("Hashed") << QString("Hashed");
|
||||
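Review bot: The single `XmlBrokenBase64` row covers only one malformed shape, the fixture's `<Data>yy</Data>` (two characters, no padding). The other cases the new validator decides are not pinned by any test here: empty input, a character outside the alphabet, `=` in the wrong position, and embedded whitespace. A small data-driven test that calls `Tools::isBase64` directly with those inputs would fix its contract independently of the key-loading path. The test function that consumes this row is outside the hunk, so whether it expects loading to fail for the new row cannot be confirmed from here.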
|
BIN
tests/data/FileKeyXmlBrokenBase64.kdbx
Normal file
BIN
tests/data/FileKeyXmlBrokenBase64.kdbx
Normal file
Binary file not shown.
9
tests/data/FileKeyXmlBrokenBase64.key
Normal file
9
tests/data/FileKeyXmlBrokenBase64.key
Normal file
@ -0,0 +1,9 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<KeyFile>
|
||||
<Meta>
|
||||
<Version>1.00</Version>
|
||||
</Meta>
|
||||
<Key>
|
||||
<Data>yy</Data>
|
||||
</Key>
|
||||
</KeyFile>
|