libkeepass / pykeepass

Python library to interact with keepass databases (supports KDBX3 and KDBX4)
https://pypi.org/project/pykeepass/
GNU General Public License v3.0

Bug: XML keyfiles with unexpected structure lead to errors #369

Closed Ovsyanka closed 4 months ago

Ovsyanka commented 6 months ago

I ran into an issue when I tried to use an SVG file as a keyfile. I got the error:

File "/home/or/works/opensource/pykeepass/pykeepass/kdbx_parsing/common.py", line 130, in compute_key_composite
    version = version_element.text
AttributeError: 'NoneType' object has no attribute 'text'

Keyfile example to reproduce the error:

<xml />

The reason is that pykeepass doesn't check whether the XML is a valid XML keyfile and handles any XML file as an XML keyfile, trying to read the expected fields.

By XML keyfile I mean one of the supported keyfile formats.

As I understand it, the correct approach would be to treat XML files that don't have the expected schema as plain text.

And there is another error. If the XML file has a Meta/Version that doesn't start with 1.0 or 2.0, it will raise another error:

File "/home/or/works/opensource/pykeepass/pykeepass/kdbx_parsing/common.py", line 169, in compute_key_composite
    return hashlib.sha256(password_composite + keyfile_composite).digest()
UnboundLocalError: cannot access local variable 'keyfile_composite' where it is not associated with a value

Keyfile example to reproduce the error:

<root>
    <Meta>
        <Version>3.0</Version>
    </Meta>
</root>

Evidlo commented 4 months ago

Thanks for reporting this. This is fixed in https://github.com/libkeepass/pykeepass/commit/07245bf2a76da7e19ecf804e3cff77af124313f1
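
An added illustration of the fallback the report asks for. It is not pykeepass's code and not the change in the linked commit. It assumes the standard-library XML parser and the usual KeePass keyfile rules (v1.0 base64 key, v2.0 hex key with a 4-byte SHA-256 check, raw 32-byte or 64-hex-character key, otherwise SHA-256 of the file); the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import xml.etree.ElementTree as ET  # assumption: stdlib parser for this example

def xml_keyfile_key(data: bytes):
    """Return the key from a recognised XML keyfile, or None if data is not one."""
    try:
        root = ET.fromstring(data)
    except (ET.ParseError, ValueError):
        return None                          # not XML at all
    version = root.findtext("Meta/Version")
    elem = root.find("Key/Data")
    if not version or elem is None or not elem.text:
        return None                          # XML without the keyfile schema
    try:
        if version.startswith("1.0"):
            return base64.b64decode(elem.text.strip(), validate=True)
        if not version.startswith("2.0"):
            return None                      # unknown version, e.g. 3.0
        key = bytes.fromhex("".join(elem.text.split()))
        check = bytes.fromhex(elem.get("Hash", ""))
    except ValueError:
        return None                          # key data does not decode
    if hashlib.sha256(key).digest()[:4] != check:
        # Choice made in this example: a v2.0 keyfile with a bad check is corrupt.
        raise ValueError("XML keyfile hash mismatch")
    return key

def keyfile_composite(data: bytes) -> bytes:
    """Every path returns a value, so no input leaves the result unbound."""
    key = xml_keyfile_key(data)
    if key is not None:
        return key
    if len(data) == 32:
        return data                          # raw 32-byte key
    if len(data) == 64:
        try:
            return binascii.unhexlify(data)  # hex-encoded 32-byte key
        except binascii.Error:
            pass
    return hashlib.sha256(data).digest()     # any other file: hash its bytes

# The two reproducers from the report (the second with whitespace removed).
BARE_XML = b"<xml />"
VERSION_3 = b"<root><Meta><Version>3.0</Version></Meta></root>"

if __name__ == "__main__":
    for sample in (BARE_XML, VERSION_3):
        print(keyfile_composite(sample).hex())
```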