From b62ad4d79c1e90ca63dafcd0edece3bcb826b087 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sun, 17 May 2015 10:36:14 +0200 Subject: [PATCH] check fingerprint length after scanning qr code Fixes #1281 --- .../operations/results/OperationResult.java | 3 +- .../keychain/ui/ImportKeysProxyActivity.java | 38 ++++++++++++------- OpenKeychain/src/main/res/values/strings.xml | 3 +- 3 files changed, 29 insertions(+), 15 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java index d39ab3695..ad7feaea6 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java @@ -711,7 +711,8 @@ public abstract class OperationResult implements Parcelable { MSG_ACC_SAVED (LogLevel.INFO, R.string.api_settings_save_msg), - MSG_WRONG_QR_CODE (LogLevel.INFO, R.string.import_qr_code_wrong), + MSG_WRONG_QR_CODE (LogLevel.ERROR, R.string.import_qr_code_wrong), + MSG_WRONG_QR_CODE_FP(LogLevel.ERROR, R.string.import_qr_code_fp), MSG_NO_VALID_ENC (LogLevel.ERROR, R.string.error_invalid_data), diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java index dc8752d1a..77fa9cc0b 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java @@ -41,6 +41,7 @@ import org.sufficientlysecure.keychain.intents.OpenKeychainIntents; import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing; import org.sufficientlysecure.keychain.operations.results.ImportKeyResult; import org.sufficientlysecure.keychain.operations.results.OperationResult; +import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; import org.sufficientlysecure.keychain.operations.results.SingletonResult; import org.sufficientlysecure.keychain.service.KeychainIntentService; import org.sufficientlysecure.keychain.service.ServiceProgressHandler; @@ -141,24 +142,35 @@ public class ImportKeysProxyActivity extends FragmentActivity { Log.d(Constants.TAG, "scanned: " + uri); // example: openpgp4fpr:73EE2314F65FA92EC2390D3A718C070100012282 - if (uri != null && uri.getScheme() != null && uri.getScheme().toLowerCase(Locale.ENGLISH).equals(Constants.FINGERPRINT_SCHEME)) { - String fingerprint = uri.getEncodedSchemeSpecificPart().toLowerCase(Locale.ENGLISH); - - if (ACTION_SCAN_WITH_RESULT.equals(action)) { - Intent result = new Intent(); - result.putExtra(EXTRA_FINGERPRINT, fingerprint); - setResult(RESULT_OK, result); - finish(); - } else { - importKeys(fingerprint); - } - } else { + if (uri == null || uri.getScheme() == null || + !uri.getScheme().toLowerCase(Locale.ENGLISH).equals(Constants.FINGERPRINT_SCHEME)) { SingletonResult result = new SingletonResult( - SingletonResult.RESULT_ERROR, OperationResult.LogType.MSG_WRONG_QR_CODE); + SingletonResult.RESULT_ERROR, LogType.MSG_WRONG_QR_CODE); Intent intent = new Intent(); intent.putExtra(SingletonResult.EXTRA_RESULT, result); returnResult(intent); + return; } + + String fingerprint = uri.getEncodedSchemeSpecificPart().toLowerCase(Locale.ENGLISH); + if (fingerprint.matches("[a-fA-F0-9]{40}")) { + SingletonResult result = new SingletonResult( + SingletonResult.RESULT_ERROR, LogType.MSG_WRONG_QR_CODE_FP); + Intent intent = new Intent(); + intent.putExtra(SingletonResult.EXTRA_RESULT, result); + returnResult(intent); + return; + } + + if (ACTION_SCAN_WITH_RESULT.equals(action)) { + Intent result = new Intent(); + result.putExtra(EXTRA_FINGERPRINT, fingerprint); + setResult(RESULT_OK, result); + finish(); + } else { + importKeys(fingerprint); + } + } public void returnResult(Intent data) { diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml index 504c9497c..d09c60b0f 100644 --- a/OpenKeychain/src/main/res/values/strings.xml +++ b/OpenKeychain/src/main/res/values/strings.xml @@ -408,7 +408,8 @@ "QR Code/NFC" "Import selected keys" "QR Code malformed! Please try again!" - "Fingerprint is too short (< 16 characters)" + "Fingerprint is malformed or too short!" + "Fingerprint is too short!" "Scan QR Code" "Place your camera over the QR Code!"