admin-ch / CovidCertificate-App-iOS

CovidCertificate Apps for iOS
Mozilla Public License 2.0

Covid Check QRcode Crash App (dos) #146

Closed kfmgang closed 3 years ago

kfmgang commented 3 years ago

Hello,

Small issue: a person could generate a QR code readable by the application (with an invalid signature), with the parameter "dn" containing the value 99999999999999999999999999999999999. The application will crash each time the QR code is scanned. The problem is also present on Covid Cert but less problematic. Indeed, a possible scenario (with a bit of social engineering) is that a person creates a QR code with the payload that crashes the application and presents it to a third party (a restaurant, for example). The third party can't check the validity of the certificate because the application will crash at each scan; the third party could grant access to its services, thinking that the certificate is valid and that it's a bug in the application. (Scenario maybe extreme, but with a good chance that it works.)

Only tested on iOS

Payload : { "ver": "1.0.0", "nam": { "fn": "foo", "fnt": "FOO", "gn": "bar", "gnt": "BAR" }, "dob": "2000-03-01", "v": [ { "tg": "840539006", "vp": "1119305005", "mp": "EU/1/20/1528", "ma": "ORG-100030215", "dn": 99999999999999999999999999999999999, "sd": 2, "dt": "2021302-18", "co": "AT", "is": "BMSGPK Austria", "ci": "urn:uvci:01:AT:10807843F94AEE0EE5093FBC254BD813P" } ] }

QRcode Payload : HC1:NCFOXN%TSMAHN-HNL458GI3VR%8S3I0IIC+V 43G-VC9BWH2.W7%$CML9J77D*QQHIZC4TPIFRMLNKNM8JI0EUG*%NH$RSC9$HFE1E0QV1FD/Y4J1ER6W9NT9KP-FHTNP/78LSIT7AZI9$JAYHIXGGX2M KM1GGMJCQ SA KZ*U0I1-I0*OC6H0/VMNPM Q5TM8*N9-I06H00YQK*R3T3+7A.N88J4R$F/MAITH-+R2YBV44PZBBAKO1P9-8:0L.A5R8HM*G64TQCV5RQLCUU5WY31-LH/CJ6IAACG423%B04LT HBSZ46/45/G3ZCIATULV:SNS8F-67N%21Q21$4ZW4Z*AKWIX:S:+IZW4PHBO33BC786B*E3-433QBV53XEBW77WNN+FNULJ96B4UN*97$IJV7776B3D3CZK7%2RZ4QWCS46147TMHS6ML*H:/E6 N$YPQ98ZF0HYGKZNZXVB NEHFXHV$0T2VMF%UVRC-/623WU-F*NF$:II947HAT6UPDMUIP6 4JXD-5W7GGLZQ-TEB403SRF2


Hoping to have helped ^^

goebelUB commented 3 years ago

Thanks a lot for the report.

I can reproduce the crash and the iOS team will look into it. I also tested it on Android; there the deserialiser catches it and throws a com.squareup.moshi.JsonDataException: Expected an int but was 99999999999999999999999999999999999 at path $.v[0].dn (which we catch and propagate as a decoding error).

kfmgang commented 3 years ago

Just to inform you that I can't reproduce the crash on the 2.4.0 👍🏻 @goebelUB

goebelUB commented 3 years ago

Thanks for confirming, and thanks again for reporting this!
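
The behaviour goebelUB describes for Android, where an out-of-range `dn` becomes a decoding error instead of a crash, shown in Swift as an added example that is not part of this thread or the app's code. It works on the JSON form of the payload posted in the report; `CheckResult`, `Payload`, `Vaccination`, `checkPayload` and the `maxDoses` bound are assumptions made for illustration.

```swift
import Foundation

// Hypothetical result type for this example; not the app's own model.
enum CheckResult: Equatable {
    case decoded(doseNumber: Int, totalDoses: Int)
    case invalid(reason: String)
}

// Only the fields needed to show the numeric handling.
struct Vaccination: Decodable {
    let dn: Int   // dose number
    let sd: Int   // total doses in the series
}

struct Payload: Decodable {
    let v: [Vaccination]
}

// Assumed sanity bound for this example; not taken from the page.
let maxDoses = 99

func checkPayload(_ json: String) -> CheckResult {
    do {
        let payload = try JSONDecoder().decode(Payload.self, from: Data(json.utf8))
        guard let first = payload.v.first else {
            return .invalid(reason: "no vaccination entry")
        }
        // Range-check values that did fit in Int before any arithmetic or UI use.
        guard (1...maxDoses).contains(first.dn),
              (1...maxDoses).contains(first.sd) else {
            return .invalid(reason: "dose count out of range")
        }
        return .decoded(doseNumber: first.dn, totalDoses: first.sd)
    } catch {
        // A number too large for Int, a wrong type or a missing key all
        // arrive here as DecodingError and are reported as an invalid
        // certificate, so the verifier sees a definite result.
        return .invalid(reason: "decoding error: \(error)")
    }
}

// Constructed samples: the oversized "dn" from the report, and a small value.
let oversized = #"{"v":[{"dn":99999999999999999999999999999999999,"sd":2}]}"#
let ordinary = #"{"v":[{"dn":1,"sd":2}]}"#

print(checkPayload(oversized))
print(checkPayload(ordinary))
```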