search

mihaifm / HIBPOfflineCheck

Keepass plugin that performs offline and online checks against HaveIBeenPwned passwords
Other
317 stars 17 forks source link

Empty password field causes uncaught exception #17

Closed eren-kemer closed 5 years ago

eren-kemer commented 5 years ago 
************** Ausnahmetext **************
System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Server stack trace: 
   bei HIBPOfflineCheck.HIBPOfflineColumnProv.GetPasswordStatus()
   bei System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
   bei System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)
   bei System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)
   bei HIBPOfflineCheck.HIBPOfflineColumnProv.UpdateStatusDelegate.EndInvoke(IAsyncResult result)
   bei HIBPOfflineCheck.HIBPOfflineColumnProv.OnMenuHIBP(Object sender, EventArgs e)
   bei System.Windows.Forms.ToolStripItem.RaiseEvent(Object key, EventArgs e)
   bei System.Windows.Forms.ToolStripMenuItem.OnClick(EventArgs e)
   bei System.Windows.Forms.ToolStripItem.HandleClick(EventArgs e)
   bei System.Windows.Forms.ToolStripItem.HandleMouseUp(MouseEventArgs e)
   bei System.Windows.Forms.ToolStrip.OnMouseUp(MouseEventArgs mea)
   bei System.Windows.Forms.ToolStripDropDown.OnMouseUp(MouseEventArgs mea)
   bei System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   bei System.Windows.Forms.Control.WndProc(Message& m)
   bei System.Windows.Forms.ToolStrip.WndProc(Message& m)
   bei System.Windows.Forms.ToolStripDropDown.WndProc(Message& m)
   bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

************** Geladene Assemblys **************
mscorlib
    Assembly-Version: 4.0.0.0.
    Win32-Version: 4.7.3260.0 built by: NET472REL1LAST_C.
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll.
----------------------------------------
KeePass
    Assembly-Version: 2.41.0.19744.
    Win32-Version: 2.41.0.0.
    CodeBase: file:///C:/Program%20Files%20(x86)/KeePass%20Password%20Safe%202/KeePass.exe.
----------------------------------------
System
    Assembly-Version: 4.0.0.0.
    Win32-Version: 4.7.3314.0 built by: NET472REL1LAST_B.
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll.
----------------------------------------
System.Windows.Forms
    Assembly-Version: 4.0.0.0.
    Win32-Version: 4.7.3221.0 built by: NET472REL1LAST_C.
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll.
----------------------------------------
System.Drawing
    Assembly-Version: 4.0.0.0.
    Win32-Version: 4.7.3056.0 built by: NET472REL1.
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll.
----------------------------------------
System.Configuration
    Assembly-Version: 4.0.0.0.
    Win32-Version: 4.7.3056.0 built by: NET472REL1.
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll.
----------------------------------------
System.Core
    Assembly-Version: 4.0.0.0.
    Win32-Version: 4.7.3221.0 built by: NET472REL1LAST_C.
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll.
----------------------------------------
System.Xml
    Assembly-Version: 4.0.0.0.
    Win32-Version: 4.7.3056.0 built by: NET472REL1.
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll.
----------------------------------------
System.Windows.Forms.resources
    Assembly-Version: 4.0.0.0.
    Win32-Version: 4.7.3056.0 built by: NET472REL1.
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms.resources/v4.0_4.0.0.0_de_b77a5c561934e089/System.Windows.Forms.resources.dll.
----------------------------------------
AutoTypeSearch
    Assembly-Version: 2.27.0.0.
    Win32-Version: 0.9.1.0.
    CodeBase: file:///C:/Users/XXXX/AppData/Local/KeePass/PluginCache/60zH0l5Vf1J5tnjRhcJG/AutoTypeSearch.dll.
----------------------------------------
DataBaseBackup
    Assembly-Version: 2.0.8.6.
    Win32-Version: 2.0.8.6.
    CodeBase: file:///C:/Users/XXXX/AppData/Local/KeePass/PluginCache/dBl1XeI1cqoxNRs6LpVS/DataBaseBackup.dll.
----------------------------------------
HIBPOfflineCheck
    Assembly-Version: 1.3.1.0.
    Win32-Version: 1.3.1.0.
    CodeBase: file:///C:/Users/XXXX/AppData/Local/KeePass/PluginCache/qK3m0N3c9ZUYO18vYYYb/HIBPOfflineCheck.dll.
----------------------------------------
System.Security
    Assembly-Version: 4.0.0.0.
    Win32-Version: 4.7.3101.0 built by: NET472REL1LAST_B.
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Security/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Security.dll.
----------------------------------------
KeePass.XmlSerializers
    Assembly-Version: 2.41.0.19744.
    Win32-Version: 2.41.0.19744.
    CodeBase: file:///C:/Program%20Files%20(x86)/KeePass%20Password%20Safe%202/KeePass.XmlSerializers.DLL.
----------------------------------------
mscorlib.resources
    Assembly-Version: 4.0.0.0.
    Win32-Version: 4.7.3056.0 built by: NET472REL1.
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/mscorlib.resources/v4.0_4.0.0.0_de_b77a5c561934e089/mscorlib.resources.dll.
----------------------------------------
Windows.ApplicationModel
    Assembly-Version: 255.255.255.255.
    Win32-Version: 10.0.10011.16384.
    CodeBase: file:///C:/WINDOWS/system32/WinMetadata/Windows.ApplicationModel.winmd.
----------------------------------------
mihaifm commented 5 years ago

Hi, what is this issue about? Any replications steps?

mihaifm commented 5 years ago

Maybe it's tied to the language used in the application, I'm not getting any exceptions for empty password fields

Kebap commented 5 years ago

Testing HIBP with German language file for KeePass (as the error message is shown in German) but it is working fine for me, creating a new entry without any password will not produce any exception or error message like that.

ventilator commented 5 years ago

I can confirm. if you use KeePassHttp, the plugin creates one entry with the name "KeePassHttp Settings" which causes an exception.

System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Server stack trace: bei HIBPOfflineCheck.HIBPOfflineColumnProv.GetPasswordStatus() bei System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs) bei System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase) bei System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData) bei HIBPOfflineCheck.HIBPOfflineColumnProv.UpdateStatusDelegate.EndInvoke(IAsyncResult result) bei HIBPOfflineCheck.HIBPOfflineColumnProv.OnMenuHIBP(Object sender, EventArgs e) bei System.Windows.Forms.ToolStripItem.RaiseEvent(Object key, EventArgs e) bei System.Windows.Forms.ToolStripMenuItem.OnClick(EventArgs e) bei System.Windows.Forms.ToolStripItem.HandleClick(EventArgs e) bei System.Windows.Forms.ToolStripItem.HandleMouseUp(MouseEventArgs e) bei System.Windows.Forms.ToolStrip.OnMouseUp(MouseEventArgs mea) bei System.Windows.Forms.ToolStripDropDown.OnMouseUp(MouseEventArgs mea) bei System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks) bei System.Windows.Forms.Control.WndProc(Message& m) bei System.Windows.Forms.ToolStrip.WndProc(Message& m) bei System.Windows.Forms.ToolStripDropDown.WndProc(Message& m) bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

jeff9315 commented 5 years ago

I can verify that this occurs. It APPEARS that certain plugins create an entry for themselves in which the password LOOKS blank but probably contains an unprintable character. Just typing in one character and then backspacing to blank it out seems to fix the issue (as as workaround).

mihaifm commented 5 years ago

Did you try this with the latest version of the plugin? I can confirm there's a problem there, but I didn't get the exception, for me it just doesn't give any status on the password.

mihaifm commented 5 years ago

I made a fix for this (e3372c3a9f6a859ccb63051c83cdc9583ad6cff4), you can try it out with the below .plgx before I publish a new release.

Hope it works, like I said I didn't get the exception but I could see where the problem was, the password field was basically missing from the entry, it seems like this is possible and some plugins actually create entries without a password field.

HIBPOfflineCheck.zip

jeff9315 commented 5 years ago

Yes, this now works for me.