Keepassxc: Wrong TOTP Settings cause application crash

Created on 16 Jul 2020 · 2 comments · Source: keepassxreboot/keepassxc

Overview

Hello

I added TOTP Settings in the wrong order, and every attempt to access the affected entry resulted in an app crash. It looks like if the entry is alone in the group, even access to the group may cause the crash.

Steps to Reproduce

  1. Create entry
  2. Add TOTP Secret field with any data (even empty works)
  3. Add TOTP Settings field with 6;30 (maybe different combinations work, don't know)

Expected Behavior

Application works but doesn't show TOTP.

Actual Behavior

Application crashes with message

Unhandled exception at 0x00000000001F9611 in KeePassXC.exe: 0xC0000094: Integer division by zero.

Context

KeePassXC - Version 2.6.0
Revision: 0765954

Qt 5.15.0
Debugging mode is disabled.

Operating system: Windows 10 Version 2004
CPU architecture: x86_64
Kernel: winnt 10.0.19041

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • SSH Agent
  • KeeShare (signed and unsigned sharing)
  • YubiKey

Cryptographic libraries:
libgcrypt 1.8.5

Operating System: Windows

bug crash

All 2 comments

Nice find! The crash occurs here:
https://github.com/keepassxreboot/keepassxc/blob/develop/src/totp/totp.cpp#L243

digitsPower overflows causing it to be 0. We need to add a bounds check to digits to ensure it is never greater than 10 (max TOTP length).
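
The bounds check described in the comment above, sketched as an added example that is not KeePassXC's own code. It assumes the TOTP Settings field has the form `period;digits`; all names (`parseTotpSettings`, `digitsPower`, `displayCode`) and the lower bounds on both fields are hypothetical choices of this example.

```cpp
#include <cstdint>
#include <string>

// Hypothetical types and names for illustration only.
struct TotpSettings { unsigned period; unsigned digits; };
const unsigned kMaxDigits = 10;  // upper bound named in the thread (max TOTP length)

// Parse one unsigned decimal field; reject empty input, signs and trailing junk.
static bool parseField(const std::string& s, unsigned& out) {
    if (s.empty() || s.size() > 9) return false;  // 9 decimal digits always fit in 32 bits
    unsigned v = 0;
    for (char c : s) {
        if (c < '0' || c > '9') return false;
        v = v * 10 + static_cast<unsigned>(c - '0');
    }
    out = v;
    return true;
}

// Parse "period;digits" and refuse values that would make the modulus unusable.
bool parseTotpSettings(const std::string& field, TotpSettings& out) {
    const std::string::size_type sep = field.find(';');
    if (sep == std::string::npos) return false;
    unsigned period = 0, digits = 0;
    if (!parseField(field.substr(0, sep), period)) return false;
    if (!parseField(field.substr(sep + 1), digits)) return false;
    if (period == 0) return false;                         // assumption: period must be positive
    if (digits == 0 || digits > kMaxDigits) return false;  // the bounds check on digits
    out.period = period;
    out.digits = digits;
    return true;
}

// 10^digits in 64 bits; 10^10 does not fit in a 32-bit integer.
std::uint64_t digitsPower(unsigned digits) {
    std::uint64_t p = 1;
    for (unsigned i = 0; i < digits; ++i) p *= 10;
    return p;
}

// Reduce a truncated HMAC value to the displayed code.
// Returns false (show no TOTP) instead of dividing when the settings are invalid.
bool displayCode(std::uint32_t truncated, const std::string& field, std::uint64_t& code) {
    TotpSettings s;
    if (!parseTotpSettings(field, s)) return false;
    code = truncated % digitsPower(s.digits);  // modulus is in [10, 10^10], never 0
    return true;
}
```

With the reported value `6;30`, `displayCode` returns false, which matches the expected behaviour in the report: the application keeps working and shows no TOTP.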

Thanks @droidmonkey for fast fix and the team for the great software!
