From f402dd81bb207ec7d7f69fa8afab6b7d2e24dffc Mon Sep 17 00:00:00 2001 From: BlackDex Date: Fri, 2 Dec 2022 16:25:11 +0100 Subject: [PATCH] Limit Cipher Note encrypted string size As discussed in #2937, this will limit the amount of encrypted characters to 10.000 characters, same as Bitwarden. This will not break current ciphers which exceed this limit, but it will prevent those ciphers from being updated. Fixes #2937 --- src/api/core/ciphers.rs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index c8c741d4..c72419b0 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -366,6 +366,12 @@ pub async fn update_cipher_from_data( err!("Organization mismatch. Please resync the client before updating the cipher") } + if let Some(note) = &data.Notes { + if note.len() > 10_000 { + err!("The field Notes exceeds the maximum encrypted value length of 10000 characters.") + } + } + // Check if this cipher is being transferred from a personal to an organization vault let transfer_cipher = cipher.organization_uuid.is_none() && data.OrganizationId.is_some();