From 353d08daf6f1dab27353c373c178e1f94ac2e3c6 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 19 May 2019 09:54:40 +0200 Subject: [PATCH] handle regression due to base58 stripping NULL bytes, discovered via JSVerify RNG state 0dec6b2a5f04d19873 --- js/privatebin.js | 4 +++- js/test/Model.js | 24 ++++++------------------ tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 4 files changed, 11 insertions(+), 21 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index b0267d49..abc89409 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -1140,7 +1140,9 @@ jQuery.PrivateBin = (function($, RawDeflate) { // version 2 uses base58, version 1 uses base64 without decoding try { - symmetricKey = CryptTool.base58decode(newKey); + // base58 encode strips NULL bytes at the beginning of the + // string, so we re-add them if necessary + symmetricKey = CryptTool.base58decode(newKey).padStart(32, '\u0000'); } catch(e) { symmetricKey = newKey; } diff --git a/js/test/Model.js b/js/test/Model.js index f9da34a3..57aa22ec 100644 --- a/js/test/Model.js +++ b/js/test/Model.js @@ -138,7 +138,7 @@ describe('Model', function () { jsc.array(common.jscQueryString()), 'nestring', function (schema, address, query, fragment) { - const fragmentString = common.btoa(fragment.padStart(32, String.fromCharCode(0))); + const fragmentString = common.btoa(fragment.padStart(32, '\u0000')); let clean = jsdom('', { url: schema.join('') + '://' + address.join('') + '/?' + query.join('') + '#' + fragmentString @@ -157,7 +157,7 @@ describe('Model', function () { 'nestring', jsc.array(common.jscHashString()), function (schema, address, query, fragment, trail) { - const fragmentString = common.btoa(fragment.padStart(32, String.fromCharCode(0))); + const fragmentString = common.btoa(fragment.padStart(32, '\u0000')); let clean = jsdom('', { url: schema.join('') + '://' + address.join('') + '/?' + query.join('') + '#' + fragmentString + '&' + trail.join('') @@ -175,14 +175,8 @@ describe('Model', function () { jsc.array(common.jscQueryString()), 'nestring', function (schema, address, query, fragment) { - // base58 strips leading NULL bytes - while(fragment.charAt(0) === '\u0000') { - fragment = fragment.substr(1); - } - // string may not be empty (when only NULL bytes and trimmed) - if (fragment.length === 0) { - return true; - } + // base58 strips leading NULL bytes, so the string is padded with these if not found + fragment = fragment.padStart(32, '\u0000'); let fragmentString = $.PrivateBin.CryptTool.base58encode(fragment), clean = jsdom('', { url: schema.join('') + '://' + address.join('') + @@ -202,14 +196,8 @@ describe('Model', function () { 'nestring', jsc.array(common.jscHashString()), function (schema, address, query, fragment, trail) { - // base58 strips leading NULL bytes - while(fragment.charAt(0) === '\u0000') { - fragment = fragment.substr(1); - } - // string may not be empty (when only NULL bytes and trimmed) - if (fragment.length === 0) { - return true; - } + // base58 strips leading NULL bytes, so the string is padded with these if not found + fragment = fragment.padStart(32, '\u0000'); let fragmentString = $.PrivateBin.CryptTool.base58encode(fragment), clean = jsdom('', { url: schema.join('') + '://' + address.join('') + '/?' + diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 8bc033a0..25f308c7 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -72,7 +72,7 @@ if ($MARKDOWN): endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index 4d88b0db..82d365ad 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -50,7 +50,7 @@ if ($MARKDOWN): endif; ?> - +