1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
/*
* Copyright (C) 2018 Red Hat, Inc.
*/
#include "nm-default.h"
#include "nm-secret-utils.h"
/*****************************************************************************/
void
nm_explicit_bzero(void *s, gsize n)
{
/* gracefully handle n == 0. This is important, callers rely on it. */
if (n > 0) {
nm_assert(s);
#if defined(HAVE_DECL_EXPLICIT_BZERO) && HAVE_DECL_EXPLICIT_BZERO
explicit_bzero(s, n);
#else
/* don't bother with a workaround. Use a reasonable glibc. */
memset(s, 0, n);
#endif
}
}
/*****************************************************************************/
char *
nm_secret_strchomp(char *secret)
{
gsize len;
g_return_val_if_fail(secret, NULL);
/* it's actually identical to g_strchomp(). However,
* the glib function does not document, that it clears the
* memory. For @secret, we don't only want to truncate trailing
* spaces, we want to overwrite them with NUL. */
len = strlen(secret);
while (len--) {
if (g_ascii_isspace((guchar) secret[len]))
secret[len] = '\0';
else
break;
}
return secret;
}
/*****************************************************************************/
GBytes *
nm_secret_copy_to_gbytes(gconstpointer mem, gsize mem_len)
{
NMSecretBuf *b;
if (mem_len == 0)
return g_bytes_new_static("", 0);
nm_assert(mem);
/* NUL terminate the buffer.
*
* The entire buffer is already malloc'ed and likely has some room for padding.
* Thus, in many situations, this additional byte will cause no overhead in
* practice.
*
* Even if it causes an overhead, do it just for safety. Yes, the returned
* bytes is not a NUL terminated string and no user must rely on this. Do
* not treat binary data as NUL terminated strings, unless you know what
* you are doing. Anyway, defensive FTW.
*/
b = nm_secret_buf_new(mem_len + 1);
memcpy(b->bin, mem, mem_len);
b->bin[mem_len] = 0;
return nm_secret_buf_to_gbytes_take(b, mem_len);
}
/*****************************************************************************/
NMSecretBuf *
nm_secret_buf_new(gsize len)
{
NMSecretBuf *secret;
nm_assert(len > 0);
secret = g_malloc(sizeof(NMSecretBuf) + len);
*((gsize *) &(secret->len)) = len;
return secret;
}
static void
_secret_buf_free(gpointer user_data)
{
NMSecretBuf *secret = user_data;
nm_assert(secret);
nm_assert(secret->len > 0);
nm_explicit_bzero(secret->bin, secret->len);
g_free(user_data);
}
GBytes *
nm_secret_buf_to_gbytes_take(NMSecretBuf *secret, gssize actual_len)
{
nm_assert(secret);
nm_assert(secret->len > 0);
nm_assert(actual_len == -1 || (actual_len >= 0 && actual_len <= secret->len));
return g_bytes_new_with_free_func(secret->bin,
actual_len >= 0 ? (gsize) actual_len : secret->len,
_secret_buf_free,
secret);
}
|
