shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-18 10:04:04 +03:00
Code

json: use secure un{base64,hex}mem for sensitive variants

Browse Source 
While tracing a LUKS code path in homework, I've noticed that we don't
erase buffers when doing unbase64 or unhex on JSON variants, even if the
variant is marked as sensitive.
This commit is contained in:
Kamil Szczęk 2024-06-05 11:21:23 +02:00 committed by Luca Boccassi
parent 8b439af2c0
commit 80313c5577
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/shared/json.c
View File

@ -5272,14 +5272,14 @@ int json_variant_unbase64(JsonVariant *v, void **ret, size_t *ret_size) {
if (!json_variant_is_string(v)) if (!json_variant_is_string(v))
return -EINVAL; return -EINVAL;
return unbase64mem(json_variant_string(v), ret, ret_size); return unbase64mem_full(json_variant_string(v), SIZE_MAX, /* secure= */ json_variant_is_sensitive(v), ret, ret_size);
} }
int json_variant_unhex(JsonVariant *v, void **ret, size_t *ret_size) { int json_variant_unhex(JsonVariant *v, void **ret, size_t *ret_size) {
if (!json_variant_is_string(v)) if (!json_variant_is_string(v))
return -EINVAL; return -EINVAL;
return unhexmem(json_variant_string(v), ret, ret_size); return unhexmem_full(json_variant_string(v), SIZE_MAX, /* secure= */ json_variant_is_sensitive(v), ret, ret_size);
} }
static const char* const json_variant_type_table[_JSON_VARIANT_TYPE_MAX] = { static const char* const json_variant_type_table[_JSON_VARIANT_TYPE_MAX] = {