author: Thomas Haller <thaller@redhat.com> 2023-02-08 12:15:41 +0100
committer: Thomas Haller <thaller@redhat.com> 2023-02-09 19:20:13 +0100
commit: 227f0fdfafd8306cc365c924e3b8f05502c84585 (patch)
tree: 167c4d24d2ab54514ef2c69c259329dca94c07f6
parent: 4ac1d3d0fb7a17d78259164f88dd33551f223bfb (diff)
download: NetworkManager-227f0fdfafd8306cc365c924e3b8f05502c84585.tar.gz
glib-aux: drop usage of malloc_usable_size() in nm_free_secret()

The idea of nm_free_secret() is to clear the secrets from memory. That surely is some layer of extra snake oil, because we tend to pass secrets via D-Bus, where the memory gets passed down to (D-Bus) libraries which have no idea to keep it private. Still...

But turns out, malloc_usable_size() might not actually be usable for this. Read the discussion at [1].

Stop using malloc_usable_size(), which seems unfortunate. There is probably no secret relevant data after the NUL byte anyway, because we tend to create such strings once, and don't rewrite/truncate them afterwards (which would leave secrets behind as garbage).

Note that systemd's erase_and_free() still uses malloc_usable_size() ([2]) but the macro foo to get that right is terrifying ([3]).

[1] https://github.com/systemd/systemd/issues/22801#issuecomment-1343041481
[2] https://github.com/systemd/systemd/blob/11c0f0659ecd82572c2dc83f3b34493a36dcd954/src/basic/memory-util.h#L101
[3] https://github.com/systemd/systemd/commit/7929e180aa47a2692ad4f053afac2857d7198758

Fixes: d63cd26e6042 ('shared: improve nm_free_secret() to clear entire memory buffer')
(cherry picked from commit 8b66865a88af7bf835147d66c309dae008507c36)
(cherry picked from commit 6e7fb78b18bbe984b7ef7b5a7358fe79f053e456)

-rw-r--r-- src/libnm-glib-aux/nm-secret-utils.c 16
1 files changed, 1 insertions, 15 deletions
diff --git a/src/libnm-glib-aux/nm-secret-utils.c b/src/libnm-glib-aux/nm-secret-utils.c
index 983b04cac8..ffab247978 100644
--- a/src/libnm-glib-aux/nm-secret-utils.c
+++ b/src/libnm-glib-aux/nm-secret-utils.c
@@ -39,24 +39,10 @@ nm_explicit_bzero(void *s, gsize n)
void
nm_free_secret(char *secret)
{
- gsize len;
-
if (!secret)
return;
-#if GLIB_CHECK_VERSION(2, 44, 0)
- /* Here we mix malloc() and g_malloc() API. Usually we avoid this,
- * however since glib 2.44.0 we are in fact guaranteed that g_malloc()/g_free()
- * just wraps malloc()/free(), so this is actually fine.
- *
- * See https://gitlab.gnome.org/GNOME/glib/commit/3be6ed60aa58095691bd697344765e715a327fc1
- */
- len = malloc_usable_size(secret);
-#else
- len = strlen(secret);
-#endif
-
- nm_explicit_bzero(secret, len);
+ nm_explicit_bzero(secret, strlen(secret));
g_free(secret);
}
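
Review bot: nm_free_secret() now wipes only up to the first NUL via `nm_explicit_bzero(secret, strlen(secret));`, and with the old comment block removed nothing in the function states that limit. Any caller that shortened a secret in place, or that stored it in a buffer larger than the string, will leave the bytes after the terminator in freed heap memory. Please add a short comment above the function saying that only strlen() bytes are cleared and that callers who know the real buffer size should call nm_explicit_bzero() on the full length themselves before freeing. The commit message's assumption that secret strings are created once and never truncated would be worth recording there as well, since it is the invariant this version relies on.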