From b65b01fe3d679cf41c22050ec3dd59c3e228d1f4 Mon Sep 17 00:00:00 2001
From: Matt Portune <59324545+mportune-bw@users.noreply.github.com>
Date: Thu, 5 Mar 2020 12:44:01 -0500
Subject: [PATCH] Fixed potential broadcast leak & policy value parsing (#756)

---
 .../Pages/Settings/ExportVaultPage.xaml.cs    |  3 +-
 .../Services/PasswordGenerationService.cs     | 63 +++++++++++++------
 2 files changed, 45 insertions(+), 21 deletions(-)

diff --git a/src/App/Pages/Settings/ExportVaultPage.xaml.cs b/src/App/Pages/Settings/ExportVaultPage.xaml.cs
index c1f61d28b..a1578d8d9 100644
--- a/src/App/Pages/Settings/ExportVaultPage.xaml.cs
+++ b/src/App/Pages/Settings/ExportVaultPage.xaml.cs
@@ -24,7 +24,7 @@ namespace Bit.App.Pages
         {
             base.OnAppearing();
             await _vm.InitAsync();
-            _broadcasterService.Subscribe(nameof(AttachmentsPage), (message) =>
+            _broadcasterService.Subscribe(nameof(ExportVaultPage), (message) =>
             {
                 if(message.Command == "selectSaveFileResult")
                 {
@@ -45,6 +45,7 @@ namespace Bit.App.Pages
         protected async override void OnDisappearing()
         {
             base.OnDisappearing();
+            _broadcasterService.Unsubscribe(nameof(ExportVaultPage));
         }
 
         public Entry MasterPasswordEntry { get; set; }
diff --git a/src/Core/Services/PasswordGenerationService.cs b/src/Core/Services/PasswordGenerationService.cs
index ecdc8626d..a3289b2cd 100644
--- a/src/Core/Services/PasswordGenerationService.cs
+++ b/src/Core/Services/PasswordGenerationService.cs
@@ -344,55 +344,78 @@ namespace Bit.Core.Services
                     enforcedOptions = new PasswordGeneratorPolicyOptions();
                 }
 
-                var currentPolicyMinLength = currentPolicy.Data["minLength"];
-                if(currentPolicyMinLength != null &&
-                   (int)(long)currentPolicyMinLength > enforcedOptions.MinLength)
+                var minLength = GetPolicyInt(currentPolicy, "minLength");
+                if(minLength != null && (int)(long)minLength > enforcedOptions.MinLength)
                 {
-                    enforcedOptions.MinLength = (int)(long)currentPolicyMinLength;
+                    enforcedOptions.MinLength = (int)(long)minLength;
                 }
 
-                var currentPolicyUseUpper = currentPolicy.Data["useUpper"];
-                if(currentPolicyUseUpper != null && (bool)currentPolicyUseUpper)
+                var useUpper = GetPolicyBool(currentPolicy, "useUpper");
+                if(useUpper != null && (bool)useUpper)
                 {
                     enforcedOptions.UseUppercase = true;
                 }
 
-                var currentPolicyUseLower = currentPolicy.Data["useLower"];
-                if(currentPolicyUseLower != null && (bool)currentPolicyUseLower)
+                var useLower = GetPolicyBool(currentPolicy, "useLower");
+                if(useLower != null && (bool)useLower)
                 {
                     enforcedOptions.UseLowercase = true;
                 }
 
-                var currentPolicyUseNumbers = currentPolicy.Data["useNumbers"];
-                if(currentPolicyUseNumbers != null && (bool)currentPolicyUseNumbers)
+                var useNumbers = GetPolicyBool(currentPolicy, "useNumbers");
+                if(useNumbers != null && (bool)useNumbers)
                 {
                     enforcedOptions.UseNumbers = true;
                 }
 
-                var currentPolicyMinNumbers = currentPolicy.Data["minNumbers"];
-                if(currentPolicyMinNumbers != null &&
-                   (int)(long)currentPolicyMinNumbers > enforcedOptions.NumberCount)
+                var minNumbers = GetPolicyInt(currentPolicy, "minNumbers");
+                if(minNumbers != null && (int)(long)minNumbers > enforcedOptions.NumberCount)
                 {
-                    enforcedOptions.NumberCount = (int)(long)currentPolicyMinNumbers;
+                    enforcedOptions.NumberCount = (int)(long)minNumbers;
                 }
 
-                var currentPolicyUseSpecial = currentPolicy.Data["useSpecial"];
-                if(currentPolicyUseSpecial != null && (bool)currentPolicyUseSpecial)
+                var useSpecial = GetPolicyBool(currentPolicy, "useSpecial");
+                if(useSpecial != null && (bool)useSpecial)
                 {
                     enforcedOptions.UseSpecial = true;
                 }
 
-                var currentPolicyMinSpecial = currentPolicy.Data["minSpecial"];
-                if(currentPolicyMinSpecial != null &&
-                   (int)(long)currentPolicyMinSpecial > enforcedOptions.SpecialCount)
+                var minSpecial = GetPolicyInt(currentPolicy, "minSpecial");
+                if(minSpecial != null && (int)(long)minSpecial > enforcedOptions.SpecialCount)
                 {
-                    enforcedOptions.SpecialCount = (int)(long)currentPolicyMinSpecial;
+                    enforcedOptions.SpecialCount = (int)(long)minSpecial;
                 }
             }
 
             return enforcedOptions;
         }
 
+        private int? GetPolicyInt(Policy policy, string key)
+        {
+            if(policy.Data.ContainsKey(key))
+            {
+                var value = policy.Data[key];
+                if(value != null)
+                {
+                    return (int)(long)value;
+                }
+            }
+            return null;
+        }
+
+        private bool? GetPolicyBool(Policy policy, string key)
+        {
+            if(policy.Data.ContainsKey(key))
+            {
+                var value = policy.Data[key];
+                if(value != null)
+                {
+                    return (bool)value;
+                }
+            }
+            return null;
+        }
+
         public async Task SaveOptionsAsync(PasswordGenerationOptions options)
         {
             await _storageService.SaveAsync(Keys_Options, options);