soutade/gPass
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

Index for new crypto scheme was badly computed in webextension

Browse Source
This commit is contained in:
Grégory Soutadé
2017-07-08 08:39:22 +02:00
parent 0caa8a66e1
commit 65821a4e47
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
chrome_addon/lib/main.js
View File

@@ -1,5 +1,5 @@
/*
Copyright (C) 2013-2016 Grégory Soutadé
Copyright (C) 2013-2017 Grégory Soutadé
This file is part of gPass.
@@ -19,6 +19,8 @@
var DEBUG = true;
var protocol_version = 4;
var account_url = null;
var crypto_v2_logins_size=0;
SERVER = {OK : 0, FAILED : 1, RESTART_REQUEST : 2};
@@ -71,6 +73,7 @@ async function generate_request(domain, login, mkey, iv, old)
async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
{
account_url = await getPref("account_url");
var salt = parseURI.parseUri(account_url);
salt = salt["host"] + salt["path"];
@@ -101,6 +104,7 @@ async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
if (await getPref("crypto_v1_compatible"))
{
crypto_v2_logins_size = key_index;
for(a=0; a<logins.length; a++, key_index++)
{
enc = await generate_request(domain, logins[a], mkey, global_iv, 1);
@@ -211,12 +215,14 @@ async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
}
if (ret != SERVER.OK)
{
return;
}
if (ciphered_password != "")
{
debug("Ciphered password : " + ciphered_password);
if (matched_key >= logins.logins || server_protocol_version < 4)
if (matched_key >= crypto_v2_logins_size || server_protocol_version < 4)
// Crypto v1
{
clear_password = await decrypt_ecb(mkey, hex2a(ciphered_password));
@@ -260,8 +266,8 @@ async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
notify("Error",
"Error");
}, false);
debug("connect to " + await getPref("account_url"));
gPassRequest.open("POST", await getPref("account_url"), true);
debug("connect to " + account_url);
gPassRequest.open("POST", account_url, true);
gPassRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
gPassRequest.send(keys);
@@ -434,4 +440,4 @@ async function self_test()
console.log("Self test OK !");
}
self_test();
//self_test();