1
0
mirror of https://github.com/bitwarden/browser synced 2025-01-23 09:42:06 +01:00

[PM-9619] Fix broken vault upon saving empty URI (#10037)

* [PM-9619] Add null check for URI before validating checksum

* [PM-9619] Prevent saving empty string login URIs
This commit is contained in:
Shane Melton 2024-07-09 10:48:46 -07:00 committed by GitHub
parent 0e2c486a38
commit 2fe07f3d8e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 6 additions and 1 deletions

View File

@ -69,6 +69,11 @@ export class Login extends Domain {
if (this.uris != null) {
view.uris = [];
for (let i = 0; i < this.uris.length; i++) {
// If the uri is null, there is nothing to decrypt or validate
if (this.uris[i].uri == null) {
continue;
}
const uri = await this.uris[i].decrypt(orgId, encKey);
// URIs are shared remotely after decryption
// we need to validate that the string hasn't been changed by a compromised server

View File

@ -1374,7 +1374,7 @@ export class CipherService implements CipherServiceAbstraction {
if (model.login.uris != null) {
cipher.login.uris = [];
model.login.uris = model.login.uris.filter((u) => u.uri != null);
model.login.uris = model.login.uris.filter((u) => u.uri != null && u.uri !== "");
for (let i = 0; i < model.login.uris.length; i++) {
const loginUri = new LoginUri();
loginUri.match = model.login.uris[i].match;