Merge pull request #45 from RafaelFernandesBR/teleNVDA

jmdaweb · web-flow · commit e70e8d2202fb · 2025-03-03T18:32:59.000+01:00
Correction for CVE-2025-26326
diff --git a/addon/globalPlugins/remoteClient/dialogs.py b/addon/globalPlugins/remoteClient/dialogs.py
@@ -220,15 +220,42 @@ def on_client_or_server(self, evt):
 			self.panel = ServerPanel(parent=self.container)
 		self.main_sizer.Fit(self)
 
+	def is_sequential(self, password):
+		if len(password) < 3:
+			return False
+		for i in range(len(password) - 2):
+			if ord(password[i]) == ord(password[i + 1]) - 1 == ord(password[i + 2]) - 2:
+				return True
+		return False
+
 	def on_ok(self, evt):
-		if self.client_or_server.GetSelection() == 0 and (not self.panel.host.GetValue() or not self.panel.key.GetValue()):
-			gui.messageBox(_("Both host and key must be set."), _("Error"), wx.OK | wx.ICON_ERROR)
-			self.panel.host.SetFocus()
-		elif self.client_or_server.GetSelection() == 1 and not self.panel.port.GetValue() or not self.panel.key.GetValue():
-			gui.messageBox(_("Both port and key must be set."), _("Error"), wx.OK | wx.ICON_ERROR)
-			self.panel.port.SetFocus()
-		else:
-			evt.Skip()
+		if self.client_or_server.GetSelection() == 0:
+			if not self.panel.host.GetValue() or not self.panel.key.GetValue():
+				gui.messageBox(_("Both host and key must be set."), _("Error"), wx.OK | wx.ICON_ERROR)
+				self.panel.host.SetFocus()
+				return
+			elif len(self.panel.key.GetValue()) < 6:
+				gui.messageBox(_("The key must be longer than 6 characters."), _("Error"), wx.OK | wx.ICON_ERROR)
+				self.panel.key.SetFocus()
+				return
+			elif self.is_sequential(self.panel.key.GetValue()):
+				gui.messageBox(_("The key must not be sequential."), _("Error"), wx.OK | wx.ICON_ERROR)
+				self.panel.key.SetFocus()
+				return
+		elif self.client_or_server.GetSelection() == 1:
+			if not self.panel.port.GetValue() or not self.panel.key.GetValue():
+				gui.messageBox(_("Both port and key must be set."), _("Error"), wx.OK | wx.ICON_ERROR)
+				self.panel.port.SetFocus()
+				return
+			elif len(self.panel.key.GetValue()) < 6:
+				gui.messageBox(_("The key must be longer than 6 characters."), _("Error"), wx.OK | wx.ICON_ERROR)
+				self.panel.key.SetFocus()
+				return
+			elif self.is_sequential(self.panel.key.GetValue()):
+				gui.messageBox(_("The key must not be sequential."), _("Error"), wx.OK | wx.ICON_ERROR)
+				self.panel.key.SetFocus()
+				return
+		evt.Skip()
 
 class OptionsDialog(SettingsPanel):
 
@@ -356,6 +383,16 @@ def onSave(self):
 			elif self.client_or_server.GetSelection() and not self.port.GetValue() or not self.key.GetValue():
 				gui.messageBox(_("Both port and key must be set."), _("Error"), wx.OK | wx.ICON_ERROR)
 				raise
+			if len(self.key.GetValue()) < 6:
+				# Translators: error message for key/password length less than 6 characters
+				gui.messageBox(_("The key must be longer than 6 characters."), _("Error"), wx.OK | wx.ICON_ERROR)
+				self.key.SetFocus()
+				raise
+			elif self.is_sequential(self.key.GetValue()):
+				# Translators: error message for key/password being sequential, example 123456
+				gui.messageBox(_("The key must not be sequential."), _("Error"), wx.OK | wx.ICON_ERROR)
+				self.key.SetFocus()
+				raise
 		NVDAConfig.conf.profiles[-1].name = self.originalProfileName
 		config = configuration.get_config()
 		cs = config['controlserver']
@@ -378,6 +415,14 @@ def onSave(self):
 		config['ui']['portcheck'] = self.portcheck.GetValue()
 		config.write()
 
+	def is_sequential(self, password):
+		if len(password) < 3:
+			return False
+		for i in range(len(password) - 2):
+			if ord(password[i]) == ord(password[i + 1]) - 1 == ord(password[i + 2]) - 2:
+				return True
+		return False
+
 class CertificateUnauthorizedDialog(wx.MessageDialog):
 
 	def __init__(self, parent, fingerprint=None):
