From 4dc2c60863dde06fa9880165c9ca9c889e7525ae Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Sat, 26 Apr 2014 16:12:34 -0400 Subject: [PATCH] add more checks on fingerprints fed to Utils.formatFingerprint() This is the gateway to the user, so this should present trusted info!
---
src/org/fdroid/fdroid/Utils.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/org/fdroid/fdroid/Utils.java b/src/org/fdroid/fdroid/Utils.java
index 8d146823a..20b64e07a 100644
--- a/src/org/fdroid/fdroid/Utils.java
+++ b/src/org/fdroid/fdroid/Utils.java
@@ -178,7 +178,9 @@ public final class Utils {
 // return a fingerprint formatted for display
 public static String formatFingerprint(String fingerprint) {
- if (fingerprint.length() != 64) // SHA-256 is 64 hex chars
+ if (TextUtils.isEmpty(fingerprint)
+ || fingerprint.length() != 64 // SHA-256 is 64 hex chars
+ || fingerprint.matches(".*[^0-9a-fA-F].*")) // its a hex string
 return "BAD FINGERPRINT";
 String displayFP = fingerprint.substring(0, 2);
 for (int i = 2; i < fingerprint.length(); i = i + 2)
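Review bot: The new hex check `fingerprint.matches(".*[^0-9a-fA-F].*")` does not reject every non-hex input, because `String.matches` must match the whole string and `.` does not match line terminators by default. A 64-character value containing two or more line terminators therefore never matches the pattern and falls through to the formatting loop as if it were valid, along with any other characters it carries. Since this method is the last step before the fingerprint is shown to the user, an allow-list is safer than searching for a bad character: `if (fingerprint == null || !fingerprint.matches("[0-9a-fA-F]{64}"))` followed by the existing `return "BAD FINGERPRINT";`, which also covers the empty and wrong-length cases in one test. The body of formatFingerprint continues past the end of the hunk, so how the loop result is returned is not visible here.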