Able to hard crash 1Password 7 on Mac OS with a malformed 1PIF import

copiousfreetime

Hi, I think I have found 2 bugs in the 1PIF import file process.

• If JSON is malformed, and a key value pair is missing a comma at the end of it, this will cause the 1PIF import to report success, the spinner will stay spinning, and the dialog will allow you to go to view your imports. When going to the vault, the imports have not been imported. An example file of this is false-import.1pif
• If the JSON is fine, but the notesPlain key has a value that is an array, this will hard crash 1Password7 on Mac. here is an example of that is crash.1pif

I found these while attempting to import passwords into 1password7 because when importing via CSV, the custom field headings in the CSV are ignored and when imported 1password just say "Field 6" or something along those lines in the custom fields section.

enjoy,

-jeremy

---

1Password Version: 7.4.2
Extension Version: Not Provided
OS Version: OS X 10.15.3
Sync Type: 1Passwoord Team
Referrer: forum-search:1Password7 fatal crash importing malformed 1PIF

MrC

@copiousfreetime

Try the csv converter in the converter suite. It will handle your custom field labels.

jpgoldberg

Thanks @copiousfreetime!

We will be looking into this. Someone might be getting reaching out to you about your samples. Obviously (or perhaps not obviously) we do need to be concerned about how 1Password behaves on malformed data.

copiousfreetime

@MrC I did try the convertor suite initially, and ended up with a zero byte 1pif file. Since I was writing code to convert an exported file from a legacy custom password tool to CSV it was just as easy to take that export and go straight to the .1pif itself, instead of converting from custom to CSV to .1pif - and I was able to get some additional fields / sections ported over better too. Thanks for the convertor suite - I definitely poked through it to understand the .1pif file format it bit.

copiousfreetime

@jpgoldberg Feel free to reach out at anytime, glad to help. I reported it for those obvious reasons :-).

MrC

@copiousfreetime

Got it. A zero-sized 1pif would only be created if there were CSV formatting issues. If you have a sample file that you feel was correctly formatted, and recreates the issue, of course I’d correct any problems.

Btw. The converter suite also discovered a few issues with, and crashes of 1Password importing 1pif.

Enjoy 1Password.

copiousfreetime

@mrc - not sure I can come up with one at the moment that wouldn't have confidential information in it, if you wanted to do some tests, The CSV had 40+ columns, and some of the fields held multilined text - propertly quoted - ASCII Armored certs. Other than that it was pretty straight forward. I was using the standard ruby CSV library to generate the CSV and its been pretty well tested.

I do enjoy 1Password - been using it for a long time, just converted our company over to Business with this import

MrC

@copiousfreetime

Obviously I'd like to understand and reproduce the issue. The Perl CSV module I'm using is also well vetted, but without further diagnostics, finding the edge case or triggering condition on my own is unlikely.

I'd imagine you've already moved on, but if are interested and have time to help me reproduce the issue, diagnostics can be enabled and that may provide some more clues. You can contact me via email (at the top of the conversion script). Otherwise I'll have to wait until someone can reproduce this and can assist. Thanks at least for the heads-up.

copiousfreetime

@MrC Will do - I have mostly moved on - I'll see if I can get a CSV that can replicate it for you in the next week or so.