diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-04-29 16:17:00 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2020-04-29 16:32:46 +0200 |
| commit | 94600eeb29ac889513505611ece30fea8586313e (patch) | |
| tree | 6adcf8984d545fa33eede3d44e97a507dc144abc | |
| parent | e83ef04d972f6970945d58b9a310df555871c418 (diff) | |
| download | systemd-94600eeb29ac889513505611ece30fea8586313e.tar.gz | |
json: when making a copy of a json variant, propagate the sensitive bit
Let's make sure we never lose the bit when copying a variant, after all
the data contained is still going to be sensitive after the copy.
| -rw-r--r-- | src/shared/json.c | 31 | ||||
| -rw-r--r-- | src/shared/json.h | 1 |
2 files changed, 31 insertions, 1 deletions
diff --git a/src/shared/json.c b/src/shared/json.c index 132dda14fc..330ad456ee 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -1396,6 +1396,19 @@ void json_variant_sensitive(JsonVariant *v) { v->sensitive = true; } +bool json_variant_is_sensitive(JsonVariant *v) { + v = json_variant_formalize(v); + if (!json_variant_is_regular(v)) + return false; + + return v->sensitive; +} + +static void json_variant_propagate_sensitive(JsonVariant *from, JsonVariant *to) { + if (json_variant_is_sensitive(from)) + json_variant_sensitive(to); +} + int json_variant_get_source(JsonVariant *v, const char **ret_source, unsigned *ret_line, unsigned *ret_column) { assert_return(v, -EINVAL); @@ -1829,6 +1842,8 @@ int json_variant_filter(JsonVariant **v, char **to_remove) { if (r < 0) return r; + json_variant_propagate_sensitive(*v, w); + json_variant_unref(*v); *v = TAKE_PTR(w); @@ -1898,6 +1913,8 @@ int json_variant_set_field(JsonVariant **v, const char *field, JsonVariant *valu if (r < 0) return r; + json_variant_propagate_sensitive(*v, w); + json_variant_unref(*v); *v = TAKE_PTR(w); @@ -2005,6 +2022,9 @@ int json_variant_merge(JsonVariant **v, JsonVariant *m) { if (r < 0) return r; + json_variant_propagate_sensitive(*v, w); + json_variant_propagate_sensitive(m, w); + json_variant_unref(*v); *v = TAKE_PTR(w); @@ -2044,10 +2064,11 @@ int json_variant_append_array(JsonVariant **v, JsonVariant *element) { r = json_variant_new_array(&nv, array, i + 1); } - if (r < 0) return r; + json_variant_propagate_sensitive(*v, nv); + json_variant_unref(*v); *v = TAKE_PTR(nv); @@ -2193,6 +2214,8 @@ static int json_variant_copy(JsonVariant **nv, JsonVariant *v) { memcpy_safe(&c->value, source, k); + json_variant_propagate_sensitive(v, c); + *nv = c; return 0; } @@ -4178,6 +4201,9 @@ int json_variant_sort(JsonVariant **v) { r = json_variant_new_object(&n, a, m); if (r < 0) return r; + + json_variant_propagate_sensitive(*v, n); + if (!n->sorted) /* Check if this worked. This will fail if there are multiple identical keys used. */ return -ENOTUNIQ; @@ -4226,6 +4252,9 @@ int json_variant_normalize(JsonVariant **v) { } if (r < 0) goto finish; + + json_variant_propagate_sensitive(*v, n); + if (!n->normalized) { /* Let's see if normalization worked. It will fail if there are multiple * identical keys used in the same object anywhere, or if there are floating * point numbers used (see below) */ diff --git a/src/shared/json.h b/src/shared/json.h index a4e5b6f507..ceb01a2028 100644 --- a/src/shared/json.h +++ b/src/shared/json.h @@ -135,6 +135,7 @@ JsonVariant *json_variant_by_key_full(JsonVariant *v, const char *key, JsonVaria bool json_variant_equal(JsonVariant *a, JsonVariant *b); void json_variant_sensitive(JsonVariant *v); +bool json_variant_is_sensitive(JsonVariant *v); struct json_variant_foreach_state { JsonVariant *variant; |