jacobpascual/keepassxc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure challenge-response key buffer is properly cleared.

Browse Source 
The challenge-response key buffer is explicitly cleared
before the key transformation if no such key is configured
to ensure one is never injected into the hash even if the
database had a challenge-response key previously.

This patch also adds extensive tests for verifying that a
key change will not add any expired key material to the hash.

Fixes #4146
This commit is contained in:
Janek Bevendorff
2020-01-10 02:11:43 +01:00
parent cba8947ee8
commit 247ebf5a35
7 changed files with 235 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/TestKeePass2Format.h
View File

@@ -62,6 +62,8 @@ private slots:
void testKdbxAttachments();
void testKdbxNonAsciiPasswords();
void testKdbxDeviceFailure();
void testKdbxKeyChange();
void testKdbxKeyChange_data();
void testDuplicateAttachments();
protected:
@@ -84,6 +86,8 @@ protected:
QString& errorString) = 0;
virtual void writeKdbx(QIODevice* device, Database* db, bool& hasError, QString& errorString) = 0;
QSharedPointer<Kdf> fastKdf(QSharedPointer<Kdf> kdf) const;
QSharedPointer<Database> m_xmlDb;
QSharedPointer<Database> m_kdbxSourceDb;
QSharedPointer<Database> m_kdbxTargetDb;