luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2024-11-10 03:16:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

gtlspassword: Forbid very long TLS passwords

Browse Source 
The public API `g_tls_password_set_value_full()` (and the vfunc it
invokes) can only accept a `gssize` length. Ensure that nul-terminated
strings passed to `g_tls_password_set_value()` can’t exceed that length.
Use `g_memdup2()` to avoid an overflow if they’re longer than
`G_MAXUINT` similarly.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
This commit is contained in:
Philip Withnall 2021-02-04 14:07:39 +00:00
parent a2e38fd28e
commit a8b204ff9d
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
gio/gtlspassword.c
View File

@ -287,9 +287,14 @@ g_tls_password_set_value (GTlsPassword *password,
g_return_if_fail (G_IS_TLS_PASSWORD (password));
if (length < 0)
length = strlen ((gchar *)value);
{
/* FIXME: g_tls_password_set_value_full() doesnt support unsigned gsize */
gsize length_unsigned = strlen ((gchar *) value);
g_return_if_fail (length_unsigned > G_MAXSSIZE);
length = (gssize) length_unsigned;
}
g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
}
/**