handle regression due to base58 stripping NULL bytes, discovered via JSVerify RNG state 0dec6b2a5f04d19873
This commit is contained in:
parent
909ff2daa7
commit
353d08daf6
4 changed files with 11 additions and 21 deletions
|
@ -1140,7 +1140,9 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
|
|
||||||
// version 2 uses base58, version 1 uses base64 without decoding
|
// version 2 uses base58, version 1 uses base64 without decoding
|
||||||
try {
|
try {
|
||||||
symmetricKey = CryptTool.base58decode(newKey);
|
// base58 encode strips NULL bytes at the beginning of the
|
||||||
|
// string, so we re-add them if necessary
|
||||||
|
symmetricKey = CryptTool.base58decode(newKey).padStart(32, '\u0000');
|
||||||
} catch(e) {
|
} catch(e) {
|
||||||
symmetricKey = newKey;
|
symmetricKey = newKey;
|
||||||
}
|
}
|
||||||
|
|
|
@ -138,7 +138,7 @@ describe('Model', function () {
|
||||||
jsc.array(common.jscQueryString()),
|
jsc.array(common.jscQueryString()),
|
||||||
'nestring',
|
'nestring',
|
||||||
function (schema, address, query, fragment) {
|
function (schema, address, query, fragment) {
|
||||||
const fragmentString = common.btoa(fragment.padStart(32, String.fromCharCode(0)));
|
const fragmentString = common.btoa(fragment.padStart(32, '\u0000'));
|
||||||
let clean = jsdom('', {
|
let clean = jsdom('', {
|
||||||
url: schema.join('') + '://' + address.join('') +
|
url: schema.join('') + '://' + address.join('') +
|
||||||
'/?' + query.join('') + '#' + fragmentString
|
'/?' + query.join('') + '#' + fragmentString
|
||||||
|
@ -157,7 +157,7 @@ describe('Model', function () {
|
||||||
'nestring',
|
'nestring',
|
||||||
jsc.array(common.jscHashString()),
|
jsc.array(common.jscHashString()),
|
||||||
function (schema, address, query, fragment, trail) {
|
function (schema, address, query, fragment, trail) {
|
||||||
const fragmentString = common.btoa(fragment.padStart(32, String.fromCharCode(0)));
|
const fragmentString = common.btoa(fragment.padStart(32, '\u0000'));
|
||||||
let clean = jsdom('', {
|
let clean = jsdom('', {
|
||||||
url: schema.join('') + '://' + address.join('') + '/?' +
|
url: schema.join('') + '://' + address.join('') + '/?' +
|
||||||
query.join('') + '#' + fragmentString + '&' + trail.join('')
|
query.join('') + '#' + fragmentString + '&' + trail.join('')
|
||||||
|
@ -175,14 +175,8 @@ describe('Model', function () {
|
||||||
jsc.array(common.jscQueryString()),
|
jsc.array(common.jscQueryString()),
|
||||||
'nestring',
|
'nestring',
|
||||||
function (schema, address, query, fragment) {
|
function (schema, address, query, fragment) {
|
||||||
// base58 strips leading NULL bytes
|
// base58 strips leading NULL bytes, so the string is padded with these if not found
|
||||||
while(fragment.charAt(0) === '\u0000') {
|
fragment = fragment.padStart(32, '\u0000');
|
||||||
fragment = fragment.substr(1);
|
|
||||||
}
|
|
||||||
// string may not be empty (when only NULL bytes and trimmed)
|
|
||||||
if (fragment.length === 0) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
let fragmentString = $.PrivateBin.CryptTool.base58encode(fragment),
|
let fragmentString = $.PrivateBin.CryptTool.base58encode(fragment),
|
||||||
clean = jsdom('', {
|
clean = jsdom('', {
|
||||||
url: schema.join('') + '://' + address.join('') +
|
url: schema.join('') + '://' + address.join('') +
|
||||||
|
@ -202,14 +196,8 @@ describe('Model', function () {
|
||||||
'nestring',
|
'nestring',
|
||||||
jsc.array(common.jscHashString()),
|
jsc.array(common.jscHashString()),
|
||||||
function (schema, address, query, fragment, trail) {
|
function (schema, address, query, fragment, trail) {
|
||||||
// base58 strips leading NULL bytes
|
// base58 strips leading NULL bytes, so the string is padded with these if not found
|
||||||
while(fragment.charAt(0) === '\u0000') {
|
fragment = fragment.padStart(32, '\u0000');
|
||||||
fragment = fragment.substr(1);
|
|
||||||
}
|
|
||||||
// string may not be empty (when only NULL bytes and trimmed)
|
|
||||||
if (fragment.length === 0) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
let fragmentString = $.PrivateBin.CryptTool.base58encode(fragment),
|
let fragmentString = $.PrivateBin.CryptTool.base58encode(fragment),
|
||||||
clean = jsdom('', {
|
clean = jsdom('', {
|
||||||
url: schema.join('') + '://' + address.join('') + '/?' +
|
url: schema.join('') + '://' + address.join('') + '/?' +
|
||||||
|
|
|
@ -72,7 +72,7 @@ if ($MARKDOWN):
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-TSifriilo4vMoDqvA2clM4dX0ywBJnYZTnx417dJYydyAfu1sH3WIR5DhqxrAyn1p4wo1pS0z2JbyoDxRSO7Zg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-30YZX80ZfNAAMVDZdnHCp8rY1X66o9LhQ1LShA0JqGtFfvboDuoX9z9fuv/gIvo/MBs8qH6/14omf0bFlmnXkg==" crossorigin="anonymous"></script>
|
||||||
<!--[if lt IE 10]>
|
<!--[if lt IE 10]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|
|
|
@ -50,7 +50,7 @@ if ($MARKDOWN):
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-TSifriilo4vMoDqvA2clM4dX0ywBJnYZTnx417dJYydyAfu1sH3WIR5DhqxrAyn1p4wo1pS0z2JbyoDxRSO7Zg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-30YZX80ZfNAAMVDZdnHCp8rY1X66o9LhQ1LShA0JqGtFfvboDuoX9z9fuv/gIvo/MBs8qH6/14omf0bFlmnXkg==" crossorigin="anonymous"></script>
|
||||||
<!--[if lt IE 10]>
|
<!--[if lt IE 10]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|
|
Loading…
Reference in a new issue