From b5abc8a1d539f9b7af9cf53a8ea4a1be9616e0eb Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 30 Aug 2018 15:23:34 +0200
Subject: [PATCH] libnm/crypto: ensure not leaking sensitive information when
 loading files

g_file_get_contents() may use re-alloc to load the file. Each time
it re-allocated the buffer, it does not bother clearing the loaded
buffer from memory.

Alternatively, g_file_get_contents() may use stat() and only allocate
one buffer. But also in this mode, without realloc(), it does not
clear the buffer if reading the file fails with IO error later.

Use nm_utils_file_get_contents() which does that.

While at it, don't load files larger that 100 MB.
---
 libnm-core/nm-crypto.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libnm-core/nm-crypto.c b/libnm-core/nm-crypto.c
index 9dd32fe7f3..e1235ccbbe 100644
--- a/libnm-core/nm-crypto.c
+++ b/libnm-core/nm-crypto.c
@@ -31,6 +31,7 @@
 #include <stdlib.h>
 
 #include "nm-utils/nm-secret-utils.h"
+#include "nm-utils/nm-io-utils.h"
 
 #include "nm-crypto-impl.h"
 #include "nm-utils.h"
@@ -349,7 +350,13 @@ file_read_contents (const char *filename,
 	nm_assert (out_contents->len == 0);
 	nm_assert (!out_contents->str);
 
-	return g_file_get_contents (filename, &out_contents->str, &out_contents->len, error);
+	return nm_utils_file_get_contents (-1,
+	                                   filename,
+	                                   100*1024*1024,
+	                                   NM_UTILS_FILE_GET_CONTENTS_FLAG_SECRET,
+	                                   &out_contents->str,
+	                                   &out_contents->len,
+	                                   error) >= 0;
 }
 
 /*