Check XML key file for valid base64 before using it.

QByteArray::fromBase64() doesn't validate the input.

Closes #366
This commit is contained in:
Felix Geyer 2015-11-01 18:30:50 +01:00
parent 820941fd40
commit 2fa531745f
6 changed files with 25 additions and 1 deletions

View File

@ -160,6 +160,16 @@ bool isHex(const QByteArray& ba)
return true;
}
bool isBase64(const QByteArray& ba)
{
QRegExp regexp("^(?:[a-z0-9+/]{4})*(?:[a-z0-9+/]{3}=|[a-z0-9+/]{2}==)?$",
Qt::CaseInsensitive, QRegExp::RegExp2);
QString base64 = QString::fromLatin1(ba.constData(), ba.size());
return regexp.exactMatch(base64);
}
void sleep(int ms)
{
Q_ASSERT(ms >= 0);

View File

@ -35,6 +35,7 @@ bool readAllFromDevice(QIODevice* device, QByteArray& data);
QDateTime currentDateTimeUtc();
QString imageReaderFilter();
bool isHex(const QByteArray& ba);
bool isBase64(const QByteArray& ba);
void sleep(int ms);
void wait(int ms);
QString platform();

View File

@ -211,7 +211,10 @@ QByteArray FileKey::loadXmlKey(QXmlStreamReader& xmlReader)
while (!xmlReader.error() && xmlReader.readNextStartElement()) {
if (xmlReader.name() == "Data") {
// TODO: do we need to enforce a specific data.size()?
data = QByteArray::fromBase64(xmlReader.readElementText().toLatin1());
QByteArray rawData = xmlReader.readElementText().toLatin1();
if (Tools::isBase64(rawData)) {
data = QByteArray::fromBase64(rawData);
}
}
}

View File

@ -113,6 +113,7 @@ void TestKeys::testFileKey_data()
{
QTest::addColumn<QString>("type");
QTest::newRow("Xml") << QString("Xml");
QTest::newRow("XmlBrokenBase64") << QString("XmlBrokenBase64");
QTest::newRow("Binary") << QString("Binary");
QTest::newRow("Hex") << QString("Hex");
QTest::newRow("Hashed") << QString("Hashed");

Binary file not shown.

View File

@ -0,0 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<KeyFile>
<Meta>
<Version>1.00</Version>
</Meta>
<Key>
<Data>yy</Data>
</Key>
</KeyFile>