shared: add NM_UTILS_STR_UTF8_SAFE_FLAG_SECRET flag

The new flag indicates that, as we re-allocate data buffers during
escaping, we bzero the memory to avoid leaking secrets.
Thomas Haller
2018-09-09 12:19:07 +02:00
parent eda47170ed
commit 27e788cce8
3 changed files with 22 additions and 16 deletions


@@ -7545,10 +7545,11 @@ _do_test_utils_str_utf8safe (const char *str, gsize str_len, const char *expecte
gs_free char *str_free_7 = NULL; gs_free char *str_free_7 = NULL;
gs_free char *str_free_8 = NULL; gs_free char *str_free_8 = NULL;
gboolean str_has_nul = FALSE; gboolean str_has_nul = FALSE;
#define RND_FLAG ((nmtst_get_rand_bool ()) ? NM_UTILS_STR_UTF8_SAFE_FLAG_NONE : NM_UTILS_STR_UTF8_SAFE_FLAG_SECRET)
buf_safe = nm_utils_buf_utf8safe_escape (str, str_len, flags, &str_free_1); buf_safe = nm_utils_buf_utf8safe_escape (str, str_len, flags | RND_FLAG, &str_free_1);
str_safe = nm_utils_str_utf8safe_escape (str, flags, &str_free_2); str_safe = nm_utils_str_utf8safe_escape (str, flags | RND_FLAG, &str_free_2);
if (str_len == 0) { if (str_len == 0) {
g_assert (buf_safe == NULL); g_assert (buf_safe == NULL);
@@ -7568,7 +7569,7 @@ _do_test_utils_str_utf8safe (const char *str, gsize str_len, const char *expecte
} else } else
str_has_nul = TRUE; str_has_nul = TRUE;
str_free_3 = nm_utils_str_utf8safe_escape_cp (str, flags); str_free_3 = nm_utils_str_utf8safe_escape_cp (str, flags | RND_FLAG);
g_assert_cmpstr (str_free_3, ==, str_safe); g_assert_cmpstr (str_free_3, ==, str_safe);
g_assert ((!str && !str_free_3) || (str != str_free_3)); g_assert ((!str && !str_free_3) || (str != str_free_3));
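Review bot: `RND_FLAG` is defined in the middle of _do_test_utils_str_utf8safe and calls nmtst_get_rand_bool() on every expansion, so the three escape calls in one run can each receive a different flag value, and nothing on the page says this is intended. A comment above the define would make the intent explicit, for example `/* SECRET only changes how buffers are cleared, never the escaped output, so choose it at random per call. */`. The function continues outside these hunks, so it is not visible whether the macro is undefined again; if it is not, `#undef RND_FLAG` after the last use keeps it from leaking into the rest of the file. The assertions only show that the output is unchanged with the flag set; they do not check that any memory is cleared.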


@@ -2204,12 +2204,14 @@ nm_g_type_find_implementing_class_for_property (GType gtype,
/*****************************************************************************/ /*****************************************************************************/
static void static void
_str_append_escape (GString *s, char ch) _str_buf_append_c_escape_octal (NMStrBuf *strbuf,
char ch)
{ {
g_string_append_c (s, '\\'); nm_str_buf_append_c4 (strbuf,
g_string_append_c (s, '0' + ((((guchar) ch) >> 6) & 07)); '\\',
g_string_append_c (s, '0' + ((((guchar) ch) >> 3) & 07)); '0' + ((char) ((((guchar) ch) >> 6) & 07)),
g_string_append_c (s, '0' + ( ((guchar) ch) & 07)); '0' + ((char) ((((guchar) ch) >> 3) & 07)),
'0' + ((char) ((((guchar) ch) ) & 07)));
} }
gconstpointer gconstpointer
@@ -2338,7 +2340,7 @@ nm_utils_buf_utf8safe_escape (gconstpointer buf, gssize buflen, NMUtilsStrUtf8Sa
const char *p = NULL; const char *p = NULL;
const char *s; const char *s;
gboolean nul_terminated = FALSE; gboolean nul_terminated = FALSE;
GString *gstr; NMStrBuf strbuf;
g_return_val_if_fail (to_free, NULL); g_return_val_if_fail (to_free, NULL);
@@ -2369,7 +2371,9 @@ nm_utils_buf_utf8safe_escape (gconstpointer buf, gssize buflen, NMUtilsStrUtf8Sa
return str; return str;
} }
gstr = g_string_sized_new (buflen + 5); nm_str_buf_init (&strbuf,
buflen + 5,
NM_FLAGS_HAS (flags, NM_UTILS_STR_UTF8_SAFE_FLAG_SECRET));
s = str; s = str;
do { do {
@@ -2379,21 +2383,22 @@ nm_utils_buf_utf8safe_escape (gconstpointer buf, gssize buflen, NMUtilsStrUtf8Sa
for (; s < p; s++) { for (; s < p; s++) {
char ch = s[0]; char ch = s[0];
nm_assert (ch);
if (ch == '\\') if (ch == '\\')
g_string_append (gstr, "\\\\"); nm_str_buf_append_c2 (&strbuf, '\\', '\\');
else if ( ( NM_FLAGS_HAS (flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL) \ else if ( ( NM_FLAGS_HAS (flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL) \
&& ch < ' ') \ && ch < ' ') \
|| ( NM_FLAGS_HAS (flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII) \ || ( NM_FLAGS_HAS (flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII) \
&& ((guchar) ch) >= 127)) && ((guchar) ch) >= 127))
_str_append_escape (gstr, ch); _str_buf_append_c_escape_octal (&strbuf, ch);
else else
g_string_append_c (gstr, ch); nm_str_buf_append_c (&strbuf, ch);
} }
if (buflen <= 0) if (buflen <= 0)
break; break;
_str_append_escape (gstr, p[0]); _str_buf_append_c_escape_octal (&strbuf, p[0]);
buflen--; buflen--;
if (buflen == 0) if (buflen == 0)
@@ -2403,8 +2408,7 @@ nm_utils_buf_utf8safe_escape (gconstpointer buf, gssize buflen, NMUtilsStrUtf8Sa
(void) g_utf8_validate (s, buflen, &p); (void) g_utf8_validate (s, buflen, &p);
} while (TRUE); } while (TRUE);
*to_free = g_string_free (gstr, FALSE); return (*to_free = nm_str_buf_finalize (&strbuf, NULL));
return *to_free;
} }
const char * const char *
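Review bot: The wiping requested by NM_UTILS_STR_UTF8_SAFE_FLAG_SECRET is passed only to nm_str_buf_init(), so as far as these hunks show it covers the buffers the NMStrBuf outgrows while escaping. The finished string returned through `*to_free` still holds the escaped secret and is released by the caller. That contract is not written down in the change; a comment above nm_utils_buf_utf8safe_escape(), and beside the new enum value in the header, would keep callers from assuming the flag alone is enough: `/* With FLAG_SECRET, intermediate buffers are cleared on reallocation. The caller owns the result and must clear it before freeing. */`. The function body starts and ends outside the visible hunks, and nm_str_buf_init() and nm_str_buf_finalize() are defined elsewhere, so their exact clearing behaviour (including any final shrink or copy in finalize) should be confirmed.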


@@ -1024,6 +1024,7 @@ typedef enum {
NM_UTILS_STR_UTF8_SAFE_FLAG_NONE = 0, NM_UTILS_STR_UTF8_SAFE_FLAG_NONE = 0,
NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL = 0x0001, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL = 0x0001,
NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII = 0x0002, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII = 0x0002,
NM_UTILS_STR_UTF8_SAFE_FLAG_SECRET = 0x0004,
} NMUtilsStrUtf8SafeFlags; } NMUtilsStrUtf8SafeFlags;
const char *nm_utils_buf_utf8safe_escape (gconstpointer buf, gssize buflen, NMUtilsStrUtf8SafeFlags flags, char **to_free); const char *nm_utils_buf_utf8safe_escape (gconstpointer buf, gssize buflen, NMUtilsStrUtf8SafeFlags flags, char **to_free);