mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-25 15:06:14 +01:00
gtlspassword: Forbid very long TLS passwords
The public API `g_tls_password_set_value_full()` (and the vfunc it invokes) can only accept a `gssize` length. Ensure that nul-terminated strings passed to `g_tls_password_set_value()` can’t exceed that length. Use `g_memdup2()` to avoid an overflow if they’re longer than `G_MAXUINT` similarly. Signed-off-by: Philip Withnall <pwithnall@endlessos.org> Helps: #2319
This commit is contained in:
parent
a2e38fd28e
commit
a8b204ff9d
@ -287,9 +287,14 @@ g_tls_password_set_value (GTlsPassword *password,
|
||||
g_return_if_fail (G_IS_TLS_PASSWORD (password));
|
||||
|
||||
if (length < 0)
|
||||
length = strlen ((gchar *)value);
|
||||
{
|
||||
/* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */
|
||||
gsize length_unsigned = strlen ((gchar *) value);
|
||||
g_return_if_fail (length_unsigned > G_MAXSSIZE);
|
||||
length = (gssize) length_unsigned;
|
||||
}
|
||||
|
||||
g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
|
||||
g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user