mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-04-03 20:47:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

Ensure challenge-response key buffer is properly cleared.

Browse source 
The challenge-response key buffer is explicitly cleared
before the key transformation if no such key is configured
to ensure one is never injected into the hash even if the
database had a challenge-response key previously.

This patch also adds extensive tests for verifying that a
key change will not add any expired key material to the hash.

Fixes #4146
This commit is contained in:
Janek Bevendorff 2020-01-10 02:11:43 +01:00
parent cba8947ee8
commit 247ebf5a35
7 changed files with 235 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tests/TestKdbx3.cpp
View file

@ -31,6 +31,8 @@ QTEST_GUILESS_MAIN(TestKdbx3)
void TestKdbx3::initTestCaseImpl()
{
m_xmlDb->changeKdf(fastKdf(KeePass2::uuidToKdf(KeePass2::KDF_AES_KDBX3)));
m_kdbxSourceDb->changeKdf(fastKdf(KeePass2::uuidToKdf(KeePass2::KDF_AES_KDBX3)));
}
QSharedPointer<Database> TestKdbx3::readXml(const QString& path, bool strictMode, bool& hasError, QString& errorString)