diff options
author | Thomas Haller <thaller@redhat.com> | 2018-08-30 15:23:34 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2018-09-03 18:07:59 +0200 |
commit | b5932892d57413ec2c496c981b70b7ccf5272491 (patch) | |
tree | e57b528489a243a0347483d5ebd7ce5391ba6036 | |
parent | ef003e1c3b23411a0dc1ef8f24fc2ef5e23611b2 (diff) | |
download | NetworkManager-b5932892d57413ec2c496c981b70b7ccf5272491.tar.gz |
libnm/crypto: ensure not leaking sensitive information when loading files
g_file_get_contents() may use re-alloc to load the file. Each time
it re-allocated the buffer, it does not bother clearing the loaded
buffer from memory.
Alternatively, g_file_get_contents() may use stat() and only allocate
one buffer. But also in this mode, without realloc(), it does not
clear the buffer if reading the file fails with IO error later.
Use nm_utils_file_get_contents() which does that.
While at it, don't load files larger that 100 MB.
-rw-r--r-- | libnm-core/nm-crypto.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/libnm-core/nm-crypto.c b/libnm-core/nm-crypto.c index 9dd32fe7f3..e1235ccbbe 100644 --- a/libnm-core/nm-crypto.c +++ b/libnm-core/nm-crypto.c @@ -31,6 +31,7 @@ #include <stdlib.h> #include "nm-utils/nm-secret-utils.h" +#include "nm-utils/nm-io-utils.h" #include "nm-crypto-impl.h" #include "nm-utils.h" @@ -349,7 +350,13 @@ file_read_contents (const char *filename, nm_assert (out_contents->len == 0); nm_assert (!out_contents->str); - return g_file_get_contents (filename, &out_contents->str, &out_contents->len, error); + return nm_utils_file_get_contents (-1, + filename, + 100*1024*1024, + NM_UTILS_FILE_GET_CONTENTS_FLAG_SECRET, + &out_contents->str, + &out_contents->len, + error) >= 0; } /* |