libnm/crypto: fix loading certificates from file securely

file_to_secure_bytes() tried to load the file from disk and ensure that the data will be cleared. It did so poorely, because g_file_get_contents() cannot be used for that. Add a helper function nm_crypto_read_file() to get this right.
author: Thomas Haller <thaller@redhat.com> 2018-08-30 15:38:47 +0200
committer: Thomas Haller <thaller@redhat.com> 2018-09-04 07:38:30 +0200
commit: 2be0bb828717bf78a3d976eeecbeeead37903bf1 (patch)
tree: a710c974233e6a680bca07e701e00eb728e889a9 /libnm-core/nm-crypto.c
parent: b5abc8a1d539f9b7af9cf53a8ea4a1be9616e0eb (diff)
download: NetworkManager-2be0bb828717bf78a3d976eeecbeeead37903bf1.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/libnm-core/nm-crypto.c b/libnm-core/nm-crypto.c
index e1235ccbbe..776a6d6858 100644
--- a/libnm-core/nm-crypto.c
+++ b/libnm-core/nm-crypto.c
@@ -359,6 +359,19 @@ file_read_contents (const char *filename,
 	                                   error) >= 0;
 }
 
+GBytes *
+nm_crypto_read_file (const char *filename,
+                     GError **error)
+{
+	nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 };
+
+	g_return_val_if_fail (filename, NULL);
+
+	if (!file_read_contents (filename, &contents, error))
+		return NULL;
+	return nm_secret_copy_to_gbytes (contents.bin, contents.len);
+}
+
 /*
  * Convert a hex string into bytes.
  */
author	Thomas Haller <thaller@redhat.com>	2018-08-30 15:38:47 +0200
committer	Thomas Haller <thaller@redhat.com>	2018-09-04 07:38:30 +0200
commit	2be0bb828717bf78a3d976eeecbeeead37903bf1 (patch)
tree	a710c974233e6a680bca07e701e00eb728e889a9 /libnm-core/nm-crypto.c
parent	b5abc8a1d539f9b7af9cf53a8ea4a1be9616e0eb (diff)
download	NetworkManager-2be0bb828717bf78a3d976eeecbeeead37903bf1.tar.gz