From 61bb52ec42de1082bfb06ce1c737fc295bfe60b8 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 8 Feb 2021 10:04:48 +0000 Subject: [PATCH 1/2] gtlspassword: Fix inverted assertion The intention here was to assert that the length of the password fits in a gssize. Passwords more than half the size of virtual memory are probably excessive. Fixes: a8b204ff "gtlspassword: Forbid very long TLS passwords" Signed-off-by: Simon McVittie --- gio/gtlspassword.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c index f5e02a1a8..948e812df 100644 --- a/gio/gtlspassword.c +++ b/gio/gtlspassword.c @@ -290,7 +290,7 @@ g_tls_password_set_value (GTlsPassword *password, { /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ gsize length_unsigned = strlen ((gchar *) value); - g_return_if_fail (length_unsigned > G_MAXSSIZE); + g_return_if_fail (length_unsigned <= G_MAXSSIZE); length = (gssize) length_unsigned; } From df4501316ca3903072400504a5ea76498db19538 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 8 Feb 2021 10:22:39 +0000 Subject: [PATCH 2/2] tls-interaction: Add test coverage for various ways to set the password Signed-off-by: Simon McVittie --- gio/tests/tls-interaction.c | 55 +++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c index 4f0737d7e..5661e8e0d 100644 --- a/gio/tests/tls-interaction.c +++ b/gio/tests/tls-interaction.c @@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction *interaction, } +/* Return a copy of @str that is allocated in a silly way, to exercise + * custom free-functions. The returned pointer points to a copy of @str + * in a buffer of the form "BEFORE \0 str \0 AFTER". */ +static guchar * +special_dup (const char *str) +{ + GString *buf = g_string_new ("BEFORE"); + guchar *ret; + + g_string_append_c (buf, '\0'); + g_string_append (buf, str); + g_string_append_c (buf, '\0'); + g_string_append (buf, "AFTER"); + ret = (guchar *) g_string_free (buf, FALSE); + return ret + strlen ("BEFORE") + 1; +} + + +/* Free a copy of @str that was made with special_dup(), after asserting + * that it has not been corrupted. */ +static void +special_free (gpointer p) +{ + gchar *s = p; + gchar *buf = s - strlen ("BEFORE") - 1; + + g_assert_cmpstr (buf, ==, "BEFORE"); + g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER"); + g_free (buf); +} + + static GTlsInteractionResult test_interaction_ask_password_sync_success (GTlsInteraction *interaction, GTlsPassword *password, @@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction, GError **error) { TestInteraction *self; + const guchar *value; + gsize len; g_assert (TEST_IS_INTERACTION (interaction)); self = TEST_INTERACTION (interaction); @@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction, g_assert (error != NULL); g_assert (*error == NULL); + /* Exercise different ways to set the value */ + g_tls_password_set_value (password, (const guchar *) "foo", 4); + len = 0; + value = g_tls_password_get_value (password, &len); + g_assert_cmpmem (value, len, "foo", 4); + + g_tls_password_set_value (password, (const guchar *) "bar", -1); + len = 0; + value = g_tls_password_get_value (password, &len); + g_assert_cmpmem (value, len, "bar", 3); + + g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free); + len = 0; + value = g_tls_password_get_value (password, &len); + g_assert_cmpmem (value, len, "baa", 4); + + g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free); + len = 0; + value = g_tls_password_get_value (password, &len); + g_assert_cmpmem (value, len, "baz", 3); + /* Don't do this in real life. Include a null terminator for testing */ g_tls_password_set_value (password, (const guchar *)"the password", 13); return G_TLS_INTERACTION_HANDLED;