libnm/crypto: ensure not leaking sensitive information when loading files

g_file_get_contents() may use re-alloc to load the file. Each time it re-allocated the buffer, it does not bother clearing the loaded buffer from memory. Alternatively, g_file_get_contents() may use stat() and only allocate one buffer. But also in this mode, without realloc(), it does not clear the buffer if reading the file fails with IO error later. Use nm_utils_file_get_contents() which does that. While at it, don't load files larger that 100 MB.
2026-01-06 08:30:15 +01:00 · 2018-08-30 15:23:34 +02:00 · 2018-08-30 15:23:34 +02:00 · b5abc8a1d5
commit b5abc8a1d5
parent c0a1f09a26
1 changed files with 8 additions and 1 deletions
--- a/libnm-core/nm-crypto.c
+++ b/libnm-core/nm-crypto.c
@ -31,6 +31,7 @@
 #include <stdlib.h>

 #include "nm-utils/nm-secret-utils.h"
+#include "nm-utils/nm-io-utils.h"

 #include "nm-crypto-impl.h"
 #include "nm-utils.h"
@ -349,7 +350,13 @@ file_read_contents (const char *filename,
 	nm_assert (out_contents->len == 0);
 	nm_assert (!out_contents->str);

-	return g_file_get_contents (filename, &out_contents->str, &out_contents->len, error);
+	return nm_utils_file_get_contents (-1,
+	                                   filename,
+	                                   100*1024*1024,
+	                                   NM_UTILS_FILE_GET_CONTENTS_FLAG_SECRET,
+	                                   &out_contents->str,
+	                                   &out_contents->len,
+	                                   error) >= 0;
 }

 /*