bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-11 22:03:36 +00:00
Code Issues Releases Wiki Activity

fix fencepost errors in padded data packer (#8631)

Browse Source 
Unit tests trim vertical pipes when appear in the data packer's JSON data, but electron is not as forgiving. It throws errors in this situation. This fixes the error by trimming the pipes before b64 decoding the result.
This commit is contained in:
✨ Audrey ✨
2024-04-05 13:03:04 -04:00
committed by GitHub
parent 574285abd0
commit edf35a9ad1
1 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
libs/common/src/tools/generator/state/padded-data-packer.ts
View File

@@ -58,11 +58,12 @@ export class PaddedDataPacker extends DataPackerAbstraction {
/** {@link DataPackerAbstraction.unpack} */ /** {@link DataPackerAbstraction.unpack} */
unpack<Secret>(secret: string): Jsonify<Secret> { unpack<Secret>(secret: string): Jsonify<Secret> {
// frame size is stored before the JSON payload in base 10 // frame size is stored before the JSON payload in base 10
const frameBreakpoint = secret.indexOf(DATA_PACKING.divider); const frameEndIndex = secret.indexOf(DATA_PACKING.divider);
if (frameBreakpoint < 1) { if (frameEndIndex < 1) {
throw new Error("missing frame size"); throw new Error("missing frame size");
} }
const frameSize = parseInt(secret.slice(0, frameBreakpoint), 10); const frameSize = parseInt(secret.slice(0, frameEndIndex), 10);
const dataStartIndex = frameEndIndex + 1;
// The decrypted string should be a multiple of the frame length // The decrypted string should be a multiple of the frame length
if (secret.length % frameSize > 0) { if (secret.length % frameSize > 0) {
@@ -70,20 +71,20 @@ export class PaddedDataPacker extends DataPackerAbstraction {
} }
// encoded data terminates with the divider, followed by the padding character // encoded data terminates with the divider, followed by the padding character
const jsonBreakpoint = secret.lastIndexOf(DATA_PACKING.divider); const dataEndIndex = secret.lastIndexOf(DATA_PACKING.divider);
if (jsonBreakpoint == frameBreakpoint) { if (dataEndIndex == frameEndIndex) {
throw new Error("missing json object"); throw new Error("missing json object");
} }
const paddingBegins = jsonBreakpoint + 1; const paddingStartIndex = dataEndIndex + 1;
// If the padding contains invalid padding characters then the padding could be used // If the padding contains invalid padding characters then the padding could be used
// as a side channel for arbitrary data. // as a side channel for arbitrary data.
if (secret.slice(paddingBegins).match(DATA_PACKING.hasInvalidPadding)) { if (secret.slice(paddingStartIndex).match(DATA_PACKING.hasInvalidPadding)) {
throw new Error("invalid padding"); throw new Error("invalid padding");
} }
// remove frame size and padding // remove frame size and padding
const b64 = secret.substring(frameBreakpoint, paddingBegins); const b64 = secret.slice(dataStartIndex, dataEndIndex);
// unpack the stored data // unpack the stored data
const json = Utils.fromB64ToUtf8(b64); const json = Utils.fromB64ToUtf8(b64);