kumi/Android-Password-Store
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Fix application crash when disabling cache auto-clear option and potential attack vector (#3136)

Browse source 
prevent app crash upon passphrase cache clearing
This commit is contained in:
agrahn 2024-07-25 17:19:02 +02:00 committed by GitHub
parent 720dac42d2
commit 27678892ed
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 25 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
View file

@ -75,11 +75,31 @@ class PGPSettings(
titleRes = R.string.pref_passphrase_cache_auto_clear_title titleRes = R.string.pref_passphrase_cache_auto_clear_title
summaryRes = R.string.pref_passphrase_cache_auto_clear_summary summaryRes = R.string.pref_passphrase_cache_auto_clear_summary
defaultValue = true defaultValue = true
/* clear cache once when unchecking; this is to prevent a malicious user /* Clear the cache once when unchecking; this is to prevent a malicious user (someone
* from bypassing cache clearing via the settings */ * knowing the screen-lock pin, but not knowing the PGP passphrase) from bypassing cache
* clearing via the settings. However, clearing EncryptedSharedPreferences requires
* authentication, otherwise the app crashes. Thus, the bad user could still bypass cache
* clearing by dismissing the auhentication dialog. To prevent this, we enforce cache
* clearing to stay enabled in case of any authentication failure. */
onCheckedChange { checked -> onCheckedChange { checked ->
if (!checked) if (!checked) {
activity.lifecycleScope.launch { passphraseCache.clearAllCachedPassphrases(activity) } if (BiometricAuthenticator.canAuthenticate(activity)) {
BiometricAuthenticator.authenticate(
activity,
R.string.pref_passphrase_cache_auto_clear_authenticate_disable,
) {
if (it is BiometricAuthenticator.Result.Success) {
activity.lifecycleScope.launch {
passphraseCache.clearAllCachedPassphrases(activity)
}
} else {
activity.sharedPrefs.edit { remove(PreferenceKeys.CLEAR_PASSPHRASE_CACHE) }
}
}
} else {
activity.sharedPrefs.edit { remove(PreferenceKeys.CLEAR_PASSPHRASE_CACHE) }
}
}
true true
} }
} }

1
app/src/main/res/values/strings.xml
View file

@ -138,6 +138,7 @@
<string name="pref_passphrase_cache_title">Enable passphrase caching</string> <string name="pref_passphrase_cache_title">Enable passphrase caching</string>
<string name="pref_passphrase_cache_summary">WARNING: this feature is functional but very experimental. Requires an active screen lock.</string> <string name="pref_passphrase_cache_summary">WARNING: this feature is functional but very experimental. Requires an active screen lock.</string>
<string name="pref_passphrase_cache_authenticate_enable">Authenticate to enable cache</string> <string name="pref_passphrase_cache_authenticate_enable">Authenticate to enable cache</string>
<string name="pref_passphrase_cache_auto_clear_authenticate_disable">Authenticate to disable cache clearing</string>
<string name="pref_passphrase_cache_auto_clear_title">Automatically clear passphrase cache</string> <string name="pref_passphrase_cache_auto_clear_title">Automatically clear passphrase cache</string>
<string name="pref_passphrase_cache_auto_clear_summary">Clears the passphrase cache when the screen is turned off</string> <string name="pref_passphrase_cache_auto_clear_summary">Clears the passphrase cache when the screen is turned off</string>