From 27678892ede15ee623662d3a78015e74f0914989 Mon Sep 17 00:00:00 2001
From: agrahn
Date: Thu, 25 Jul 2024 17:19:02 +0200
Subject: Fix application crash when disabling cache auto-clear option and potential attack vector (#3136)

prevent app crash upon passphrase cache clearing
---
 .../app/passwordstore/ui/settings/PGPSettings.kt | 28 ++++++++++++++++++----
 app/src/main/res/values/strings.xml | 1 +
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt b/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
index 2978b37a..c21036ed 100644
--- a/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
+++ b/app/src/main/java/app/passwordstore/ui/settings/PGPSettings.kt
@@ -75,11 +75,31 @@ class PGPSettings(
 titleRes = R.string.pref_passphrase_cache_auto_clear_title
 summaryRes = R.string.pref_passphrase_cache_auto_clear_summary
 defaultValue = true
- /* clear cache once when unchecking; this is to prevent a malicious user
- * from bypassing cache clearing via the settings */
+ /* Clear the cache once when unchecking; this is to prevent a malicious user (someone
+ * knowing the screen-lock pin, but not knowing the PGP passphrase) from bypassing cache
+ * clearing via the settings. However, clearing EncryptedSharedPreferences requires
+ * authentication, otherwise the app crashes. Thus, the bad user could still bypass cache
+ * clearing by dismissing the auhentication dialog. To prevent this, we enforce cache
+ * clearing to stay enabled in case of any authentication failure. */
 onCheckedChange { checked ->
- if (!checked)
- activity.lifecycleScope.launch { passphraseCache.clearAllCachedPassphrases(activity) }
+ if (!checked) {
+ if (BiometricAuthenticator.canAuthenticate(activity)) {
+ BiometricAuthenticator.authenticate(
+ activity,
+ R.string.pref_passphrase_cache_auto_clear_authenticate_disable,
+ ) {
+ if (it is BiometricAuthenticator.Result.Success) {
+ activity.lifecycleScope.launch {
+ passphraseCache.clearAllCachedPassphrases(activity)
+ }
+ } else {
+ activity.sharedPrefs.edit { remove(PreferenceKeys.CLEAR_PASSPHRASE_CACHE) }
+ }
+ }
+ } else {
+ activity.sharedPrefs.edit { remove(PreferenceKeys.CLEAR_PASSPHRASE_CACHE) }
+ }
+ }
 true
 }
 }
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 404339ce..bddc831d 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
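Review bot: The `onCheckedChange` listener still ends in `true` on the uncheck path, so the stored value appears to become `false` before authentication has finished, and re-enabling auto-clear depends entirely on the callback running. If the preference library writes the new value after the listener returns (not visible in this hunk), the synchronous `remove(PreferenceKeys.CLEAR_PASSPHRASE_CACHE)` in the `canAuthenticate` else-branch would be overwritten, and if the process ends while the prompt is showing the option stays off with the cache never cleared. Failing closed would be safer: return `false` from the listener when `!checked`, and write `activity.sharedPrefs.edit { putBoolean(PreferenceKeys.CLEAR_PASSPHRASE_CACHE, false) }` only inside the `Result.Success` branch once the clear has been launched. The enclosing preference block starts outside the hunk, so how the switch redraws after such a write needs checking there. The new comment also misspells "authentication" as `auhentication`.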
@@ -138,6 +138,7 @@ Enable passphrase caching WARNING: this feature is functional but very experimental. Requires an active screen lock. Authenticate to enable cache + Authenticate to disable cache clearing Automatically clear passphrase cache Clears the passphrase cache when the screen is turned off -- cgit v1.2.3