libnm,shared: bzero secrets on failure in nm_utils_base64secret_decode()

Now that unbase64mem_full() understands a secure flag, we can
get this right.
Thomas Haller 2019-04-12 07:39:48 +02:00
parent d3d45fd1f9
commit da4f229805
4 changed files with 13 additions and 6 deletions


@ -6697,7 +6697,7 @@ nm_utils_base64secret_decode (const char *base64_key,
base64_key_len = strlen (base64_key);
r = nm_sd_utils_unbase64mem (base64_key, base64_key_len, &bin_arr, &bin_len);
r = nm_sd_utils_unbase64mem (base64_key, base64_key_len, TRUE, &bin_arr, &bin_len);
if (r < 0)
return FALSE;
if (bin_len != required_key_len) {
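Review bot: The `bin_len != required_key_len` branch that closes this section is where a fully decoded but wrong-length key sits in `bin_arr`, and per the doc comment added in this commit `secure` only covers the decoder's temporary memory, not the buffer handed back. The branch body lies outside the visible lines, so please confirm it wipes the buffer before it is released, e.g. `nm_explicit_bzero (bin_arr, bin_len);` ahead of `return FALSE;`. A short comment at the call, such as `/* secure=TRUE: base64_key is key material */`, would also make the bare `TRUE` self-explanatory.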


@ -62,6 +62,8 @@ nm_sd_utils_unbase64char (char ch, gboolean accept_padding_equal)
* will cause the function to fail.
* @l: the length of @p. @p is not treated as NUL terminated string but
* merely as a buffer of ascii characters.
* @secure: whether the temporary memory will be cleared to avoid leaving
* secrets in memory (see also nm_explict_bzero()).
* @mem: (transfer full): the decoded buffer on success.
* @len: the length of @mem on success.
*
@ -75,8 +77,9 @@ nm_sd_utils_unbase64char (char ch, gboolean accept_padding_equal)
int
nm_sd_utils_unbase64mem (const char *p,
size_t l,
gboolean secure,
guint8 **mem,
size_t *len)
{
return unbase64mem (p, l, (void **) mem, len);
return unbase64mem_full (p, l, secure, (void **) mem, len);
}
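Review bot: The new `@secure` doc line refers to `nm_explict_bzero()`, which looks like a misspelling of `nm_explicit_bzero()`, and it does not say who is responsible for the returned buffer. Since `@mem` is `(transfer full)`, the decoded secret is presumably handed to the caller uncleared on success. I would state that in the doc, for example `* The returned @mem is not cleared; callers holding secrets must wipe it before freeing.` The wrapper only forwards `secure` to `unbase64mem_full()`, whose handling of the failure path is not visible here.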


@ -31,7 +31,11 @@ const char *nm_sd_utils_path_startswith (const char *path, const char *prefix);
int nm_sd_utils_unbase64char (char ch, gboolean accept_padding_equal);
int nm_sd_utils_unbase64mem (const char *p, size_t l, guint8 **mem, size_t *len);
int nm_sd_utils_unbase64mem (const char *p,
size_t l,
gboolean secure,
guint8 **mem,
size_t *len);
/*****************************************************************************/


@ -269,12 +269,12 @@ _test_unbase64mem_mem (const char *base64, const guint8 *expected_arr, gsize exp
for (i = 0; expected_base64[i]; i++)
_test_unbase64char (expected_base64[i], FALSE);
r = nm_sd_utils_unbase64mem (expected_base64, strlen (expected_base64), &exp2_arr, &exp2_len);
r = nm_sd_utils_unbase64mem (expected_base64, strlen (expected_base64), TRUE, &exp2_arr, &exp2_len);
g_assert_cmpint (r, ==, 0);
g_assert_cmpmem (expected_arr, expected_len, exp2_arr, exp2_len);
if (!nm_streq (base64, expected_base64)) {
r = nm_sd_utils_unbase64mem (base64, strlen (base64), &exp3_arr, &exp3_len);
r = nm_sd_utils_unbase64mem (base64, strlen (base64), TRUE, &exp3_arr, &exp3_len);
g_assert_cmpint (r, ==, 0);
g_assert_cmpmem (expected_arr, expected_len, exp3_arr, exp3_len);
}
@ -289,7 +289,7 @@ _test_unbase64mem_inval (const char *base64)
gsize exp_len = 0;
int r;
r = nm_sd_utils_unbase64mem (base64, strlen (base64), &exp_arr, &exp_len);
r = nm_sd_utils_unbase64mem (base64, strlen (base64), TRUE, &exp_arr, &exp_len);
g_assert_cmpint (r, <, 0);
g_assert (!exp_arr);
g_assert (exp_len == 0);
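Review bot: Every call in these tests now passes `TRUE`, so the `secure == FALSE` path of `nm_sd_utils_unbase64mem()` is no longer exercised, and nothing here distinguishes the two modes. Consider running each check for both values, for instance a `gboolean secure` loop around the decode-and-compare, or at least one extra call such as `r = nm_sd_utils_unbase64mem (base64, strlen (base64), FALSE, &exp_arr, &exp_len);` in `_test_unbase64mem_inval`. Both test functions start and end outside the visible hunks.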