search

libkeepass / pykeepass

Python library to interact with keepass databases (supports KDBX3 and KDBX4)
https://pypi.org/project/pykeepass/
GNU General Public License v3.0
411 stars 96 forks source link

Fix composite key computation for BytesIO #388

Closed janbrummer closed 5 months ago

janbrummer commented 6 months ago

In case a keyfile as BytesIO has been read before, the next read will be empty. We need to ensure that we are reading the data from the beginning.

Add seek to start to fix it.

A6GibKm commented 6 months ago

Please add a test to showcase how this can corrupt a db and that it does not happen with this patch.

janbrummer commented 6 months ago

Please add a test to showcase how this can corrupt a db and that it does not happen with this patch.

Could you take this one over? I do have some higher priority stuff on my stack and this blocks Secrets.

A6GibKm commented 6 months ago

Please add a test to showcase how this can corrupt a db and that it does not happen with this patch.

Could you take this one over? I do have some higher priority stuff on my stack and this blocks Secrets.

Sure, thanks for looking into it!! Make sure I am able to push to this branch.

A6GibKm commented 6 months ago

@Evidlo Hi, this is ready for review. For context, this is corrupting databases on Secrets https://gitlab.gnome.org/World/secrets/-/issues/537.