1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/* NetworkManager -- Network link manager
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA.
*
* (C) Copyright 2018 Red Hat, Inc.
*/
#include "nm-default.h"
#include "nm-secret-utils.h"
/*****************************************************************************/
void
nm_explicit_bzero (void *s, gsize n)
{
/* gracefully handle n == 0. This is important, callers rely on it. */
if (n > 0) {
nm_assert (s);
#if defined (HAVE_DECL_EXPLICIT_BZERO) && HAVE_DECL_EXPLICIT_BZERO
explicit_bzero (s, n);
#else
/* don't bother with a workaround. Use a reasonable glibc. */
memset (s, 0, n);
#endif
}
}
/*****************************************************************************/
char *
nm_secret_strchomp (char *secret)
{
gsize len;
g_return_val_if_fail (secret, NULL);
/* it's actually identical to g_strchomp(). However,
* the glib function does not document, that it clears the
* memory. For @secret, we don't only want to truncate trailing
* spaces, we want to overwrite them with NUL. */
len = strlen (secret);
while (len--) {
if (g_ascii_isspace ((guchar) secret[len]))
secret[len] = '\0';
else
break;
}
return secret;
}
/*****************************************************************************/
GBytes *
nm_secret_copy_to_gbytes (gconstpointer mem, gsize mem_len)
{
NMSecretBuf *b;
if (mem_len == 0)
return g_bytes_new_static ("", 0);
nm_assert (mem);
/* NUL terminate the buffer.
*
* The entire buffer is already malloc'ed and likely has some room for padding.
* Thus, in many situations, this additional byte will cause no overhead in
* practice.
*
* Even if it causes an overhead, do it just for safety. Yes, the returned
* bytes is not a NUL terminated string and no user must rely on this. Do
* not treat binary data as NUL terminated strings, unless you know what
* you are doing. Anyway, defensive FTW.
*/
b = nm_secret_buf_new (mem_len + 1);
memcpy (b->bin, mem, mem_len);
b->bin[mem_len] = 0;
return nm_secret_buf_to_gbytes_take (b, mem_len);
}
/*****************************************************************************/
NMSecretBuf *
nm_secret_buf_new (gsize len)
{
NMSecretBuf *secret;
nm_assert (len > 0);
secret = g_malloc (sizeof (NMSecretBuf) + len);
*((gsize *) &(secret->len)) = len;
return secret;
}
static void
_secret_buf_free (gpointer user_data)
{
NMSecretBuf *secret = user_data;
nm_assert (secret);
nm_assert (secret->len > 0);
nm_explicit_bzero (secret->bin, secret->len);
g_free (user_data);
}
GBytes *
nm_secret_buf_to_gbytes_take (NMSecretBuf *secret, gssize actual_len)
{
nm_assert (secret);
nm_assert (secret->len > 0);
nm_assert (actual_len == -1 || (actual_len >= 0 && actual_len <= secret->len));
return g_bytes_new_with_free_func (secret->bin,
actual_len >= 0 ? (gsize) actual_len : secret->len,
_secret_buf_free,
secret);
}
|
