mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-03-22 13:10:41 +08:00
handle regression due to base58 stripping NULL bytes, discovered via JSVerify RNG state 0dec6b2a5f04d19873
parent
909ff2daa7
commit
353d08daf6
|
@ -1140,7 +1140,9 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
|
||||
// version 2 uses base58, version 1 uses base64 without decoding
|
||||
try {
|
||||
symmetricKey = CryptTool.base58decode(newKey);
|
||||
// base58 encode strips NULL bytes at the beginning of the
|
||||
// string, so we re-add them if necessary
|
||||
symmetricKey = CryptTool.base58decode(newKey).padStart(32, '\u0000');
|
||||
} catch(e) {
|
||||
symmetricKey = newKey;
|
||||
}
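Review bot: The added `padStart(32, '\u0000')` restores stripped leading NUL bytes but does not validate the key length. Any decode result shorter than 32 characters, presumably including one from a truncated fragment, is silently widened with zero bytes, and a longer one passes through unchanged. A length check has to sit after the `try`/`catch`, because a throw inside the `try` would be swallowed and the raw `newKey` used as a version 1 key. At minimum, replace the literal with a named key-size constant and extend the comment, e.g. `// keys are 32 bytes; padding only restores NULs dropped by base58, it does not validate length`. The enclosing function starts and ends outside this hunk.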
|
||||
|
|
|
@ -138,7 +138,7 @@ describe('Model', function () {
|
|||
jsc.array(common.jscQueryString()),
|
||||
'nestring',
|
||||
function (schema, address, query, fragment) {
|
||||
const fragmentString = common.btoa(fragment.padStart(32, String.fromCharCode(0)));
|
||||
const fragmentString = common.btoa(fragment.padStart(32, '\u0000'));
|
||||
let clean = jsdom('', {
|
||||
url: schema.join('') + '://' + address.join('') +
|
||||
'/?' + query.join('') + '#' + fragmentString
|
||||
|
@ -157,7 +157,7 @@ describe('Model', function () {
|
|||
'nestring',
|
||||
jsc.array(common.jscHashString()),
|
||||
function (schema, address, query, fragment, trail) {
|
||||
const fragmentString = common.btoa(fragment.padStart(32, String.fromCharCode(0)));
|
||||
const fragmentString = common.btoa(fragment.padStart(32, '\u0000'));
|
||||
let clean = jsdom('', {
|
||||
url: schema.join('') + '://' + address.join('') + '/?' +
|
||||
query.join('') + '#' + fragmentString + '&' + trail.join('')
|
||||
|
@ -175,14 +175,8 @@ describe('Model', function () {
|
|||
jsc.array(common.jscQueryString()),
|
||||
'nestring',
|
||||
function (schema, address, query, fragment) {
|
||||
// base58 strips leading NULL bytes
|
||||
while(fragment.charAt(0) === '\u0000') {
|
||||
fragment = fragment.substr(1);
|
||||
}
|
||||
// string may not be empty (when only NULL bytes and trimmed)
|
||||
if (fragment.length === 0) {
|
||||
return true;
|
||||
}
|
||||
// base58 strips leading NULL bytes, so the string is padded with these if not found
|
||||
fragment = fragment.padStart(32, '\u0000');
|
||||
let fragmentString = $.PrivateBin.CryptTool.base58encode(fragment),
|
||||
clean = jsdom('', {
|
||||
url: schema.join('') + '://' + address.join('') +
|
||||
|
@ -202,14 +196,8 @@ describe('Model', function () {
|
|||
'nestring',
|
||||
jsc.array(common.jscHashString()),
|
||||
function (schema, address, query, fragment, trail) {
|
||||
// base58 strips leading NULL bytes
|
||||
while(fragment.charAt(0) === '\u0000') {
|
||||
fragment = fragment.substr(1);
|
||||
}
|
||||
// string may not be empty (when only NULL bytes and trimmed)
|
||||
if (fragment.length === 0) {
|
||||
return true;
|
||||
}
|
||||
// base58 strips leading NULL bytes, so the string is padded with these if not found
|
||||
fragment = fragment.padStart(32, '\u0000');
|
||||
let fragmentString = $.PrivateBin.CryptTool.base58encode(fragment),
|
||||
clean = jsdom('', {
|
||||
url: schema.join('') + '://' + address.join('') + '/?' +
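Review bot: In the two base58 properties (the hunks at -175 and -202), padding the generated fragment to 32 only makes the round trip stable for inputs of at most 32 characters. Going by the comment, a `'nestring'` value longer than 32 that begins with `\u0000` would still lose its leading NULs in `base58encode`, and the decoder's `padStart(32, …)` would not restore them, so the RNG-dependent failure could recur. If keys are always exactly 32 bytes, clamp the input in both properties with `fragment = fragment.padStart(32, '\u0000').substr(0, 32);`. The assertions are outside the visible hunks, so this is inferred from the setup lines only.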
|
||||
|
|
|
@ -72,7 +72,7 @@ if ($MARKDOWN):
|
|||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-TSifriilo4vMoDqvA2clM4dX0ywBJnYZTnx417dJYydyAfu1sH3WIR5DhqxrAyn1p4wo1pS0z2JbyoDxRSO7Zg==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-30YZX80ZfNAAMVDZdnHCp8rY1X66o9LhQ1LShA0JqGtFfvboDuoX9z9fuv/gIvo/MBs8qH6/14omf0bFlmnXkg==" crossorigin="anonymous"></script>
|
||||
<!--[if lt IE 10]>
|
||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||
<![endif]-->
|
||||
|
|
|
@ -50,7 +50,7 @@ if ($MARKDOWN):
|
|||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-TSifriilo4vMoDqvA2clM4dX0ywBJnYZTnx417dJYydyAfu1sH3WIR5DhqxrAyn1p4wo1pS0z2JbyoDxRSO7Zg==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-30YZX80ZfNAAMVDZdnHCp8rY1X66o9LhQ1LShA0JqGtFfvboDuoX9z9fuv/gIvo/MBs8qH6/14omf0bFlmnXkg==" crossorigin="anonymous"></script>
|
||||
<!--[if lt IE 10]>
|
||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||
<![endif]-->
|
||||
|
|