Check XML key file for valid base64 before using it.

QByteArray::fromBase64() doesn't validate the input.

Closes #366

src/core/Tools.cpp

@@ -160,6 +160,16 @@ bool isHex(const QByteArray& ba)
     return true;
 }
 
+bool isBase64(const QByteArray& ba)
+{
+    QRegExp regexp("^(?:[a-z0-9+/]{4})*(?:[a-z0-9+/]{3}=|[a-z0-9+/]{2}==)?$",
+                   Qt::CaseInsensitive, QRegExp::RegExp2);
+
+    QString base64 = QString::fromLatin1(ba.constData(), ba.size());
+
+    return regexp.exactMatch(base64);
+}
+
 void sleep(int ms)
 {
     Q_ASSERT(ms >= 0);

src/core/Tools.h

@@ -35,6 +35,7 @@ bool readAllFromDevice(QIODevice* device, QByteArray& data);
 QDateTime currentDateTimeUtc();
 QString imageReaderFilter();
 bool isHex(const QByteArray& ba);
+bool isBase64(const QByteArray& ba);
 void sleep(int ms);
 void wait(int ms);
 QString platform();

src/keys/FileKey.cpp

@@ -211,7 +211,10 @@ QByteArray FileKey::loadXmlKey(QXmlStreamReader& xmlReader)
     while (!xmlReader.error() && xmlReader.readNextStartElement()) {
         if (xmlReader.name() == "Data") {
             // TODO: do we need to enforce a specific data.size()?
-            data = QByteArray::fromBase64(xmlReader.readElementText().toLatin1());
+            QByteArray rawData = xmlReader.readElementText().toLatin1();
+            if (Tools::isBase64(rawData)) {
+                data = QByteArray::fromBase64(rawData);
+            }
         }
     }
 

tests/TestKeys.cpp

@@ -113,6 +113,7 @@ void TestKeys::testFileKey_data()
 {
     QTest::addColumn<QString>("type");
     QTest::newRow("Xml") << QString("Xml");
+    QTest::newRow("XmlBrokenBase64") << QString("XmlBrokenBase64");
     QTest::newRow("Binary") << QString("Binary");
     QTest::newRow("Hex") << QString("Hex");
     QTest::newRow("Hashed") << QString("Hashed");

tests/data/FileKeyXmlBrokenBase64.key

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<KeyFile>
+	<Meta>
+		<Version>1.00</Version>
+	</Meta>
+	<Key>
+		<Data>yy</Data>
+	</Key>
+</KeyFile>