CLogDlg::MonitorEditProject remove \r and \n from encrypted username/password

17 views
Skip to first unread message

Daniel Sahlberg

unread,
Nov 21, 2022, 7:21:47 PM11/21/22
to TortoiseSVN-dev
Hi,

While investigating another issue in the Project Monitor, I saw the following code in MonitorEditProject:

[[[
        pEditProject->username = CStringUtils::Encrypt(dlg.m_sUsername);
        pEditProject->password = CStringUtils::Encrypt(dlg.m_sPassword);
        pEditProject->username.Remove('\r');
        pEditProject->password.Remove('\r');
        pEditProject->username.Replace('\n', ' ');
        pEditProject->password.Replace('\n', ' ');
]]]

Is there a guarantee that CryptBinaryToStringW (called by Encrypt) cannot return \r or \n in the encrypted (and formatted) data?

The code was added in r25576. In r25909, the flag CRYPT_STRING_NOCRLF was added in the call to CryptBinaryToStringW.

Kind regards,
Daniel

Stefan

unread,
Nov 22, 2022, 12:36:08 PM11/22/22
to TortoiseSVN-dev
Now that we don't support WinXP anymore, the string operations to remove/replace newlines can be removed. But for XP it was necessary because the CRYPT_STRING_NOCRLF option doesn't work on XP, which means there the CryptBinaryToStringW API always appended a newline.

Stefan

Daniel Sahlberg

unread,
Nov 22, 2022, 4:18:10 PM11/22/22
to TortoiseSVN-dev
tisdag 22 november 2022 kl. 18:36:08 UTC+1 skrev Stefan:
Now that we don't support WinXP anymore, the string operations to remove/replace newlines can be removed. But for XP it was necessary because the CRYPT_STRING_NOCRLF option doesn't work on XP, which means there the CryptBinaryToStringW API always appended a newline.

Stefan

Thanks, committed r29483.
/Daniel 
Reply all
Reply to author
Forward
0 new messages