fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-06 20:10:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

core: ensure NUL terminated secret_key buffer

Browse source 
The secret_key is binary random data, so one shouldn't ever use it as a
NUL terminated string directly.

Still, just ensure that the entire buffer is always NUL terminated.
This commit is contained in:
Thomas Haller 2018-05-22 16:08:50 +02:00
parent 5f5f75ce0e
commit d0f1dc654e
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/nm-core-utils.c
View file

@ -2820,7 +2820,7 @@ nm_utils_secret_key_read (gsize *out_key_len, GError **error)
/* RFC7217 mandates the key SHOULD be at least 128 bits.
* Let's use twice as much. */
key_len = 32;
secret_key = g_malloc (key_len);
secret_key = g_malloc (key_len + 1);
if (!nm_utils_random_bytes (secret_key, key_len)) {
g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
@ -2829,6 +2829,10 @@ nm_utils_secret_key_read (gsize *out_key_len, GError **error)
goto out;
}
/* the secret-key is binary. Still, ensure that it's NULL terminated, just like
* g_file_set_contents() does. */
secret_key[32] = '\0';
key_mask = umask (0077);
if (!g_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, error)) {
g_prefix_error (error, "Can't write " NMSTATEDIR "/secret_key: ");