add more checks on fingerprints fed to Utils.formatFingerprint()

This is the gateway to the user, so this should present trusted info!
Hans-Christoph Steiner 2014-04-26 16:12:34 -04:00
parent cce393de09
commit 4dc2c60863


@ -178,7 +178,9 @@ public final class Utils {
// return a fingerprint formatted for display
public static String formatFingerprint(String fingerprint) {
if (fingerprint.length() != 64) // SHA-256 is 64 hex chars
if (TextUtils.isEmpty(fingerprint)
|| fingerprint.length() != 64 // SHA-256 is 64 hex chars
|| fingerprint.matches(".*[^0-9a-fA-F].*")) // its a hex string
return "BAD FINGERPRINT";
String displayFP = fingerprint.substring(0, 2);
for (int i = 2; i < fingerprint.length(); i = i + 2)