mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2024-12-27 00:09:53 -05:00
Check XML key file for valid base64 before using it.
QByteArray::fromBase64() doesn't validate the input. Closes #366
This commit is contained in:
parent
820941fd40
commit
2fa531745f
@ -160,6 +160,16 @@ bool isHex(const QByteArray& ba)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool isBase64(const QByteArray& ba)
|
||||||
|
{
|
||||||
|
QRegExp regexp("^(?:[a-z0-9+/]{4})*(?:[a-z0-9+/]{3}=|[a-z0-9+/]{2}==)?$",
|
||||||
|
Qt::CaseInsensitive, QRegExp::RegExp2);
|
||||||
|
|
||||||
|
QString base64 = QString::fromLatin1(ba.constData(), ba.size());
|
||||||
|
|
||||||
|
return regexp.exactMatch(base64);
|
||||||
|
}
|
||||||
|
|
||||||
void sleep(int ms)
|
void sleep(int ms)
|
||||||
{
|
{
|
||||||
Q_ASSERT(ms >= 0);
|
Q_ASSERT(ms >= 0);
|
||||||
|
@ -35,6 +35,7 @@ bool readAllFromDevice(QIODevice* device, QByteArray& data);
|
|||||||
QDateTime currentDateTimeUtc();
|
QDateTime currentDateTimeUtc();
|
||||||
QString imageReaderFilter();
|
QString imageReaderFilter();
|
||||||
bool isHex(const QByteArray& ba);
|
bool isHex(const QByteArray& ba);
|
||||||
|
bool isBase64(const QByteArray& ba);
|
||||||
void sleep(int ms);
|
void sleep(int ms);
|
||||||
void wait(int ms);
|
void wait(int ms);
|
||||||
QString platform();
|
QString platform();
|
||||||
|
@ -211,7 +211,10 @@ QByteArray FileKey::loadXmlKey(QXmlStreamReader& xmlReader)
|
|||||||
while (!xmlReader.error() && xmlReader.readNextStartElement()) {
|
while (!xmlReader.error() && xmlReader.readNextStartElement()) {
|
||||||
if (xmlReader.name() == "Data") {
|
if (xmlReader.name() == "Data") {
|
||||||
// TODO: do we need to enforce a specific data.size()?
|
// TODO: do we need to enforce a specific data.size()?
|
||||||
data = QByteArray::fromBase64(xmlReader.readElementText().toLatin1());
|
QByteArray rawData = xmlReader.readElementText().toLatin1();
|
||||||
|
if (Tools::isBase64(rawData)) {
|
||||||
|
data = QByteArray::fromBase64(rawData);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -113,6 +113,7 @@ void TestKeys::testFileKey_data()
|
|||||||
{
|
{
|
||||||
QTest::addColumn<QString>("type");
|
QTest::addColumn<QString>("type");
|
||||||
QTest::newRow("Xml") << QString("Xml");
|
QTest::newRow("Xml") << QString("Xml");
|
||||||
|
QTest::newRow("XmlBrokenBase64") << QString("XmlBrokenBase64");
|
||||||
QTest::newRow("Binary") << QString("Binary");
|
QTest::newRow("Binary") << QString("Binary");
|
||||||
QTest::newRow("Hex") << QString("Hex");
|
QTest::newRow("Hex") << QString("Hex");
|
||||||
QTest::newRow("Hashed") << QString("Hashed");
|
QTest::newRow("Hashed") << QString("Hashed");
|
||||||
|
BIN
tests/data/FileKeyXmlBrokenBase64.kdbx
Normal file
BIN
tests/data/FileKeyXmlBrokenBase64.kdbx
Normal file
Binary file not shown.
9
tests/data/FileKeyXmlBrokenBase64.key
Normal file
9
tests/data/FileKeyXmlBrokenBase64.key
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<KeyFile>
|
||||||
|
<Meta>
|
||||||
|
<Version>1.00</Version>
|
||||||
|
</Meta>
|
||||||
|
<Key>
|
||||||
|
<Data>yy</Data>
|
||||||
|
</Key>
|
||||||
|
</KeyFile>
|
Loading…
Reference in New Issue
Block a user