From: Brandon Casey <drafnel@gmail.com>
To: git@vger.kernel.org
Cc: pah@qo.cx, Brandon Casey <drafnel@gmail.com>
Subject: [PATCH 10/15] contrib/git-credential-gnome-keyring.c: use secure memory for reading passwords
Date: Sun, 22 Sep 2013 22:08:06 -0700 [thread overview]
Message-ID: <1379912891-12277-11-git-send-email-drafnel@gmail.com> (raw)
In-Reply-To: <1379912891-12277-1-git-send-email-drafnel@gmail.com>
gnome-keyring provides functions to allocate non-pageable memory (if
possible). Let's use them to allocate memory that may be used to hold
secure data read from the keyring.
Signed-off-by: Brandon Casey <drafnel@gmail.com>
---
.../credential/gnome-keyring/git-credential-gnome-keyring.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c b/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c
index ff2f48c..94a65b2 100644
--- a/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c
+++ b/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c
@@ -289,12 +289,14 @@ static void credential_clear(struct credential *c)
static int credential_read(struct credential *c)
{
- char buf[1024];
+ char *buf;
size_t line_len;
- char *key = buf;
+ char *key;
char *value;
- while (fgets(buf, sizeof(buf), stdin))
+ key = buf = gnome_keyring_memory_alloc(1024);
+
+ while (fgets(buf, 1024, stdin))
{
line_len = strlen(buf);
@@ -307,6 +309,7 @@ static int credential_read(struct credential *c)
value = strchr(buf,'=');
if(!value) {
warning("invalid credential line: %s", key);
+ gnome_keyring_memory_free(buf);
return -1;
}
*value++ = '\0';
@@ -339,6 +342,9 @@ static int credential_read(struct credential *c)
* learn new lines, and the helpers are updated to match.
*/
}
+
+ gnome_keyring_memory_free(buf);
+
return 0;
}
--
1.8.4.489.g545bc72
next prev parent reply other threads:[~2013-09-23 5:09 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-23 5:07 [PATCH 00/15] Make Gnome Credential helper more Gnome-y and support ancient distros Brandon Casey
2013-09-23 5:07 ` [PATCH 01/15] contrib/git-credential-gnome-keyring.c: remove unnecessary pre-declarations Brandon Casey
2013-09-23 5:07 ` [PATCH 02/15] contrib/git-credential-gnome-keyring.c: remove unused die() function Brandon Casey
2013-09-23 5:07 ` [PATCH 03/15] contrib/git-credential-gnome-keyring.c: add static where applicable Brandon Casey
2013-09-23 5:08 ` [PATCH 04/15] contrib/git-credential-gnome-keyring.c: exit non-zero when called incorrectly Brandon Casey
2013-09-23 5:08 ` [PATCH 05/15] contrib/git-credential-gnome-keyring.c: set Gnome application name Brandon Casey
2013-09-23 5:08 ` [PATCH 06/15] contrib/git-credential-gnome-keyring.c: strlen() returns size_t, not ssize_t Brandon Casey
2013-09-23 5:08 ` [PATCH 07/15] contrib/git-credential-gnome-keyring.c: ensure buffer is non-empty before accessing Brandon Casey
2013-09-23 5:43 ` Felipe Contreras
2013-09-23 17:21 ` Brandon Casey
2013-09-23 5:08 ` [PATCH 08/15] contrib/git-credential-gnome-keyring.c: use gnome helpers in keyring_object() Brandon Casey
2013-09-23 5:08 ` [PATCH 09/15] contrib/git-credential-gnome-keyring.c: use secure memory functions for passwds Brandon Casey
2013-09-23 5:08 ` Brandon Casey [this message]
2013-09-23 5:08 ` [PATCH 11/15] contrib/git-credential-gnome-keyring.c: use glib memory allocation functions Brandon Casey
2013-09-23 5:08 ` [PATCH 12/15] contrib/git-credential-gnome-keyring.c: use glib messaging functions Brandon Casey
2013-09-23 5:08 ` [PATCH 13/15] contrib/git-credential-gnome-keyring.c: report failure to store password Brandon Casey
2013-09-23 5:08 ` [PATCH 14/15] contrib/git-credential-gnome-keyring.c: support ancient gnome-keyring Brandon Casey
2013-09-23 5:08 ` [PATCH 15/15] contrib/git-credential-gnome-keyring.c: support really " Brandon Casey
2013-09-23 10:20 ` [PATCH 00/15] Make Gnome Credential helper more Gnome-y and support ancient distros John Szakmeister
2013-09-23 17:21 ` Brandon Casey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1379912891-12277-11-git-send-email-drafnel@gmail.com \
--to=drafnel@gmail.com \
--cc=git@vger.kernel.org \
--cc=pah@qo.cx \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).