Check XML key file for valid base64 before using it.

QByteArray::fromBase64() doesn't validate the input. Closes #366
2025-08-03 12:06:25 -04:00 · 2015-11-01 18:30:50 +01:00 · 2015-11-01 18:30:50 +01:00 · 2fa531745f
commit 2fa531745f
parent 820941fd40
6 changed files with 25 additions and 1 deletions
--- a/src/core/Tools.cpp
+++ b/src/core/Tools.cpp
@ -160,6 +160,16 @@ bool isHex(const QByteArray& ba)
    return true;
 }

+bool isBase64(const QByteArray& ba)
+{
+    QRegExp regexp("^(?:[a-z0-9+/]{4})*(?:[a-z0-9+/]{3}=|[a-z0-9+/]{2}==)?$",
+                   Qt::CaseInsensitive, QRegExp::RegExp2);
+
+    QString base64 = QString::fromLatin1(ba.constData(), ba.size());
+
+    return regexp.exactMatch(base64);
+}
+
 void sleep(int ms)
 {
    Q_ASSERT(ms >= 0);
--- a/src/core/Tools.h
+++ b/src/core/Tools.h
@ -35,6 +35,7 @@ bool readAllFromDevice(QIODevice* device, QByteArray& data);
 QDateTime currentDateTimeUtc();
 QString imageReaderFilter();
 bool isHex(const QByteArray& ba);
+bool isBase64(const QByteArray& ba);
 void sleep(int ms);
 void wait(int ms);
 QString platform();
--- a/src/keys/FileKey.cpp
+++ b/src/keys/FileKey.cpp
@ -211,7 +211,10 @@ QByteArray FileKey::loadXmlKey(QXmlStreamReader& xmlReader)
    while (!xmlReader.error() && xmlReader.readNextStartElement()) {
        if (xmlReader.name() == "Data") {
            // TODO: do we need to enforce a specific data.size()?
-            data = QByteArray::fromBase64(xmlReader.readElementText().toLatin1());
+            QByteArray rawData = xmlReader.readElementText().toLatin1();
+            if (Tools::isBase64(rawData)) {
+                data = QByteArray::fromBase64(rawData);
+            }
        }
    }