Rockbox open source high quality audio player as a Music Player Daemon

plugin otp: Fix handling of unknown otpauth uri parameters

OTP URI parameters are key-value options separated by '&'.
So, on unknown params we also have to reject everything that was
behind '&'.

Example:
otpauth://totp/kek?issuer=petya%40IPARTKN.TEST&secret=1234567890&digits=6&algorithm=SHA1&period=30

"algorithm" was unknown. So, the next token after it was "SHA1&period", not "period".

Change-Id: I48eb198fd46212c6422dd8eac214adafdf3a52eb

Authored by Petr Mikhalicin and committed by Christian Soffke
4e13e69d ca57184f

+8 -8
apps/plugins/otp.c
··· 331 331 if(!tok) 332 332 continue; 333 333 334 + char* tok_val = rb->strtok_r(NULL, "&", &save); 335 + if(!tok_val) 336 + continue; 337 + 334 338 if(!rb->strcmp(tok, "secret")) 335 339 { 336 340 if(have_secret) ··· 339 343 goto fail; 340 344 } 341 345 have_secret = true; 342 - tok = rb->strtok_r(NULL, "&", &save); 343 - if((accounts[next_slot].sec_len = base32_decode(accounts[next_slot].secret, SECRET_MAX, tok)) <= 0) 346 + if((accounts[next_slot].sec_len = base32_decode(accounts[next_slot].secret, SECRET_MAX, tok_val)) <= 0) 344 347 goto fail; 345 348 } 346 349 else if(!rb->strcmp(tok, "counter")) ··· 350 353 rb->splash(HZ * 2, "Counter parameter specified for TOTP!? Skipping..."); 351 354 goto fail; 352 355 } 353 - tok = rb->strtok_r(NULL, "&", &save); 354 - accounts[next_slot].hotp_counter = rb->atoi(tok); 356 + accounts[next_slot].hotp_counter = rb->atoi(tok_val); 355 357 } 356 358 else if(!rb->strcmp(tok, "period")) 357 359 { ··· 360 362 rb->splash(HZ * 2, "Period parameter specified for HOTP!? Skipping..."); 361 363 goto fail; 362 364 } 363 - tok = rb->strtok_r(NULL, "&", &save); 364 - accounts[next_slot].totp_period = rb->atoi(tok); 365 + accounts[next_slot].totp_period = rb->atoi(tok_val); 365 366 } 366 367 else if(!rb->strcmp(tok, "digits")) 367 368 { 368 - tok = rb->strtok_r(NULL, "&", &save); 369 - accounts[next_slot].digits = rb->atoi(tok); 369 + accounts[next_slot].digits = rb->atoi(tok_val); 370 370 if(accounts[next_slot].digits < 1 || accounts[next_slot].digits > 9) 371 371 { 372 372 rb->splashf(HZ * 2, "Digits parameter not in acceptable range, skipping.");
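Review bot: In the first hunk (new lines 334-336), fetching the value with `rb->strtok_r(NULL, "&", &save)` still mispairs keys and values when a value is empty, because strtok_r skips leading delimiters. Assuming the key is split on '=' as the commit message's example implies, an input such as `secret=&digits=6` leaves save pointing at the '&', so the call steps over it and returns `digits=6` as tok_val; for an unknown key with an empty value the following parameter is swallowed silently. Consider splitting the query on '&' first and then splitting each pair on '=', or checking for an immediate '&' before taking the value. The `if(!tok_val) continue;` path also skips a trailing key that has no value without any message; for `secret` a `goto fail` would make the rejection explicit.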
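Review bot: In the counter and period branches (new lines 356 and 365), the result of `rb->atoi(tok_val)` is stored with no range check, so a non-numeric, zero or negative value ends up in hotp_counter or totp_period, while the digits branch directly below rejects anything outside 1..9. A period of 0 is not usable for TOTP, where the time step is the current time divided by the period, so this deserves the same treatment as digits: reject `totp_period < 1` with a splash and `goto fail`. Since the patch already touches these lines, it would be a good place to add that validation, and to decide whether a negative counter should be rejected as well.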