From 310955513724d95ed700bc2312c022822ea94e86 Mon Sep 17 00:00:00 2001 From: Sean Colyer Date: Mon, 7 May 2012 21:39:43 -0400 Subject: [PATCH] Added some verification to keyring to check valid email address is being queried. Added a regex to util.js that we can use throughout. --- resources/openpgp.js | 10 ++++++++-- resources/openpgp.min.js | 18 +++++++++--------- src/openpgp.keyring.js | 8 ++++++-- src/util/util.js | 2 ++ 4 files changed, 25 insertions(+), 13 deletions(-) diff --git a/resources/openpgp.js b/resources/openpgp.js index 005ca9ea..617940bf 100644 --- a/resources/openpgp.js +++ b/resources/openpgp.js @@ -13638,8 +13638,10 @@ function openpgp_keyring() { } else { email = email_address.trim(); } + if(!util.emailRegEx.test(email)){ + return results; + } for (var i =0; i < this.publicKeys.length; i++) { - for (var j = 0; j < this.publicKeys[i].obj.userIds.length; j++) { if (this.publicKeys[i].obj.userIds[j].text.indexOf(email) >= 0) results[results.length] = this.publicKeys[i]; @@ -13663,8 +13665,10 @@ function openpgp_keyring() { } else { email = email_address.trim(); } + if(!util.emailRegEx.test(email)){ + return results; + } for (var i =0; i < this.privateKeys.length; i++) { - for (var j = 0; j < this.privateKeys[i].obj.userIds.length; j++) { if (this.privateKeys[i].obj.userIds[j].text.indexOf(email) >= 0) results[results.length] = this.privateKeys[i]; @@ -13806,6 +13810,8 @@ function openpgp_keyring() { // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA var Util = function() { + + this.emailRegEx = /[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/; this.hexdump = function(str) { var r=[]; diff --git a/resources/openpgp.min.js b/resources/openpgp.min.js index 3310e91d..0b509168 100644 --- a/resources/openpgp.min.js +++ b/resources/openpgp.min.js 
@@ -480,15 +480,15 @@ function openpgp_type_s2k(){this.read=function(a,b){var c=b;this.type=a[c++].cha this.type)}return this};this.write=function(a,b,c,d,e){this.type=a;if(3==this.type)this.saltValue=d,this.hashAlgorithm=b,this.count=16+(e&15)<<(e>>4)+6,this.s2kLength=10;return this.produce_key(c)};this.produce_key=function(a,b){if(0==this.type)return openpgp_crypto_hashData(this.hashAlgorithm,a);if(1==this.type)return openpgp_crypto_hashData(this.hashAlgorithm,this.saltValue+a);if(3==this.type){var c=[];for(c[0]=this.saltValue+a;c.length*(this.saltValue+a).lengththis.count&&(c=c.substr(0,this.count));return b&&(24==b||32==b)?openpgp_crypto_hashData(this.hashAlgorithm,c)+openpgp_crypto_hashData(this.hashAlgorithm,String.fromCharCode(0)+c):openpgp_crypto_hashData(this.hashAlgorithm,c)}return null}} function openpgp_keyring(){this.init=function(){var a=JSON.parse(window.localStorage.getItem("privatekeys")),b=JSON.parse(window.localStorage.getItem("publickeys"));if(null==a||0==a.length)a=[];if(null==b||0==b.length)b=[];this.publicKeys=[];this.privateKeys=[];for(var c=0,d=0;d")[0]: -a.trim(),a=0;a")[0]:a.trim(),a=0;ae.length;)e="0"+e;b.push(" "+e);f++;0==f%32&&b.push("\n ")}return b.join("")};this.hexstrdump=function(a){if(null==a)return"";for(var b=[],c=a.length,d=0,e;de.length;)e="0"+e;b.push(""+e)}return b.join("")};this.hex2bin=function(a){for(var b="",c=0;ce.length;)e="0"+e;b.push(""+e)}return b.join("")};this.str2bin=function(a){for(var b=[],c=0;c

'+a.replace(/\n/g,"
")+"

"))};this.print_debug_hexstr_dump= -function(a,b){openpgp.config.debug&&(a+=this.hexstrdump(b),a=openpgp_encoding_html_encode(a),showMessages('

'+a.replace(/\n/g,"
")+"

"))};this.print_error=function(a){a=openpgp_encoding_html_encode(a);showMessages('

ERROR:\t'+ +obj:e[0],keyId:e[0].getKeyId()},c++)};this.hasPrivateKey=function(){return 0")[0]: +a.trim();if(!util.emailRegEx.test(d))return b;for(a=0;a")[0]:a.trim();if(!util.emailRegEx.test(d))return b;for(a=0;ae.length;)e="0"+e;b.push(" "+e);f++;0==f%32&&b.push("\n ")}return b.join("")};this.hexstrdump=function(a){if(null==a)return"";for(var b=[],c=a.length,d=0,e;de.length;)e= +"0"+e;b.push(""+e)}return b.join("")};this.hex2bin=function(a){for(var b="",c=0;ce.length;)e="0"+e;b.push(""+e)}return b.join("")};this.str2bin=function(a){for(var b=[],c=0;c

'+ +a.replace(/\n/g,"
")+"

"))};this.print_debug_hexstr_dump=function(a,b){openpgp.config.debug&&(a+=this.hexstrdump(b),a=openpgp_encoding_html_encode(a),showMessages('

'+a.replace(/\n/g,"
")+"

"))};this.print_error=function(a){a=openpgp_encoding_html_encode(a);showMessages('

ERROR:\t'+ a.replace(/\n/g,"
")+"

")};this.print_info=function(a){a=openpgp_encoding_html_encode(a);showMessages('

INFO:\t'+a.replace(/\n/g,"
")+"

")};this.print_warning=function(a){a=openpgp_encoding_html_encode(a);showMessages('

WARNING:\t'+ a.replace(/\n/g,"
")+"

")};this.getLeftNBits=function(a,b){var c=b%8;return 0==c?a.substring(0,b/8):this.shiftRight(a.substring(0,(b-c)/8+1),8-c)};this.shiftRight=function(a,b){var c=util.str2bin(a);if(0!=b%8)for(var d=c.length-1;0<=d;d--)c[d]>>=b%8,0= 0) results[results.length] = this.publicKeys[i]; @@ -118,8 +120,10 @@ function openpgp_keyring() { } else { email = email_address.trim(); } + if(!util.emailRegEx.test(email)){ + return results; + } for (var i =0; i < this.privateKeys.length; i++) { - for (var j = 0; j < this.privateKeys[i].obj.userIds.length; j++) { if (this.privateKeys[i].obj.userIds[j].text.indexOf(email) >= 0) results[results.length] = this.privateKeys[i]; diff --git a/src/util/util.js b/src/util/util.js index 02cd7b69..e62475a6 100644 --- a/src/util/util.js +++ b/src/util/util.js @@ -16,6 +16,8 @@ // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA var Util = function() { + + this.emailRegEx = /[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/; this.hexdump = function(str) { var r=[];
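Review bot: The guard added in the `@@ -118,8 +120,10 @@` hunk of src/openpgp.keyring.js validates the query, but the match two lines below it is still `this.privateKeys[i].obj.userIds[j].text.indexOf(email) >= 0`, so a key is returned whenever its user ID merely contains the queried address as a substring. For key selection that means a user ID with a longer local part or a longer domain around the same characters is treated as a match for the address that was asked for. I would extract the address from the user ID text (the part between `<` and `>` when present) and compare it for equality, e.g. `if (addr.trim().toLowerCase() === email.toLowerCase())`. The same applies to the public-key lookup, whose hunk in this file is cut off on this page, and to the two matching hunks in resources/openpgp.js. The enclosing function starts and ends outside the hunk, so how `email` is derived from a `Name <addr>` input is not visible here and should be checked together with this.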
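Review bot: `emailRegEx` in the src/util/util.js hunk has neither `^`/`$` anchors nor the `i` flag, so `util.emailRegEx.test(email)` accepts any string that contains an address-shaped run anywhere in it and rejects an address whose domain or local part is written in upper case. With the keyring guards returning an empty result on failure, a capitalised but valid query would silently find no key, while a query with arbitrary text around an address still reaches the lookup. I would wrap the existing pattern as `/^(?:…)$/i`, keeping the current expression inside the group. A one-line comment above the property, such as `// Syntactic check only: full-string match, case-insensitive; does not prove the address exists.`, would tell later callers what the test does and does not guarantee. The same line is added to resources/openpgp.js, and the body of `Util` continues outside the hunk.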