1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00

hexdecoct: make unbase64mem and unhexmem always use SIZE_MAX

This commit is contained in:
Mike Yuan 2024-01-08 17:22:33 +08:00 committed by Yu Watanabe
parent 7f13af72f8
commit bdd2036e81
39 changed files with 86 additions and 84 deletions

View File

@ -48,7 +48,7 @@ static int get_current_pcr(const char *alg, uint32_t pcr, void **ret, size_t *re
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to read '%s': %m", p); return log_error_errno(r, "Failed to read '%s': %m", p);
r = unhexmem(s, ss, &buf, &bufsize); r = unhexmem_full(s, ss, /* secure = */ false, &buf, &bufsize);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode hex PCR data '%s': %m", s); return log_error_errno(r, "Failed to decode hex PCR data '%s': %m", s);

View File

@ -114,7 +114,7 @@ int unhexmem_full(
const char *p, const char *p,
size_t l, size_t l,
bool secure, bool secure,
void **ret, void **ret_data,
size_t *ret_len) { size_t *ret_len) {
_cleanup_free_ uint8_t *buf = NULL; _cleanup_free_ uint8_t *buf = NULL;
@ -155,8 +155,8 @@ int unhexmem_full(
if (ret_len) if (ret_len)
*ret_len = (size_t) (z - buf); *ret_len = (size_t) (z - buf);
if (ret) if (ret_data)
*ret = TAKE_PTR(buf); *ret_data = TAKE_PTR(buf);
return 0; return 0;
} }
@ -766,7 +766,7 @@ int unbase64mem_full(
const char *p, const char *p,
size_t l, size_t l,
bool secure, bool secure,
void **ret, void **ret_data,
size_t *ret_size) { size_t *ret_size) {
_cleanup_free_ uint8_t *buf = NULL; _cleanup_free_ uint8_t *buf = NULL;
@ -854,8 +854,8 @@ int unbase64mem_full(
if (ret_size) if (ret_size)
*ret_size = (size_t) (z - buf); *ret_size = (size_t) (z - buf);
if (ret) if (ret_data)
*ret = TAKE_PTR(buf); *ret_data = TAKE_PTR(buf);
return 0; return 0;
} }

View File

@ -18,9 +18,9 @@ char hexchar(int x) _const_;
int unhexchar(char c) _const_; int unhexchar(char c) _const_;
char *hexmem(const void *p, size_t l); char *hexmem(const void *p, size_t l);
int unhexmem_full(const char *p, size_t l, bool secure, void **mem, size_t *len); int unhexmem_full(const char *p, size_t l, bool secure, void **ret_data, size_t *ret_size);
static inline int unhexmem(const char *p, size_t l, void **mem, size_t *len) { static inline int unhexmem(const char *p, void **ret_data, size_t *ret_size) {
return unhexmem_full(p, l, false, mem, len); return unhexmem_full(p, SIZE_MAX, false, ret_data, ret_size);
} }
char base32hexchar(int x) _const_; char base32hexchar(int x) _const_;
@ -45,9 +45,9 @@ ssize_t base64_append(
size_t l, size_t l,
size_t margin, size_t margin,
size_t width); size_t width);
int unbase64mem_full(const char *p, size_t l, bool secure, void **mem, size_t *len); int unbase64mem_full(const char *p, size_t l, bool secure, void **ret_data, size_t *ret_size);
static inline int unbase64mem(const char *p, size_t l, void **mem, size_t *len) { static inline int unbase64mem(const char *p, void **ret_data, size_t *ret_size) {
return unbase64mem_full(p, l, false, mem, len); return unbase64mem_full(p, SIZE_MAX, false, ret_data, ret_size);
} }
void hexdump(FILE *f, const void *p, size_t s); void hexdump(FILE *f, const void *p, size_t s);

View File

@ -419,7 +419,7 @@ static int measure_kernel(PcrState *pcr_states, size_t n) {
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to read '%s': %m", p); return log_error_errno(r, "Failed to read '%s': %m", p);
r = unhexmem(strstrip(s), SIZE_MAX, &v, &sz); r = unhexmem(strstrip(s), &v, &sz);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode PCR value '%s': %m", s); return log_error_errno(r, "Failed to decode PCR value '%s': %m", s);
@ -995,7 +995,7 @@ static int verb_status(int argc, char *argv[], void *userdata) {
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to read '%s': %m", p); return log_error_errno(r, "Failed to read '%s': %m", p);
r = unhexmem(strstrip(s), SIZE_MAX, &h, &l); r = unhexmem(strstrip(s), &h, &l);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode PCR value '%s': %m", s); return log_error_errno(r, "Failed to decode PCR value '%s': %m", s);

View File

@ -2670,12 +2670,12 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) {
return r; return r;
} else if ((val = startswith(l, "exec-context-root-hash="))) { } else if ((val = startswith(l, "exec-context-root-hash="))) {
c->root_hash = mfree(c->root_hash); c->root_hash = mfree(c->root_hash);
r = unhexmem(val, strlen(val), &c->root_hash, &c->root_hash_size); r = unhexmem(val, &c->root_hash, &c->root_hash_size);
if (r < 0) if (r < 0)
return r; return r;
} else if ((val = startswith(l, "exec-context-root-hash-sig="))) { } else if ((val = startswith(l, "exec-context-root-hash-sig="))) {
c->root_hash_sig = mfree(c->root_hash_sig); c->root_hash_sig = mfree(c->root_hash_sig);
r= unbase64mem(val, strlen(val), &c->root_hash_sig, &c->root_hash_sig_size); r= unbase64mem(val, &c->root_hash_sig, &c->root_hash_sig_size);
if (r < 0) if (r < 0)
return r; return r;
} else if ((val = startswith(l, "exec-context-root-ephemeral="))) { } else if ((val = startswith(l, "exec-context-root-ephemeral="))) {
@ -3055,7 +3055,7 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) {
if (c->stdin_data) if (c->stdin_data)
return -EINVAL; /* duplicated */ return -EINVAL; /* duplicated */
r = unbase64mem(val, strlen(val), &c->stdin_data, &c->stdin_data_size); r = unbase64mem(val, &c->stdin_data, &c->stdin_data_size);
if (r < 0) if (r < 0)
return r; return r;
} else if ((val = startswith(l, "exec-context-tty-path="))) { } else if ((val = startswith(l, "exec-context-tty-path="))) {
@ -3690,7 +3690,7 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) {
.encrypted = r, .encrypted = r,
}; };
r = unbase64mem(data, strlen(data), &sc->data, &sc->size); r = unbase64mem(data, &sc->data, &sc->size);
if (r < 0) if (r < 0)
return r; return r;

View File

@ -314,7 +314,7 @@ static int proc_cmdline_callback(const char *key, const char *value, void *data)
colon++; colon++;
if (base64) { if (base64) {
r = unbase64mem(colon, SIZE_MAX, &binary, &l); r = unbase64mem(colon, &binary, &l);
if (r < 0) { if (r < 0) {
log_warning_errno(r, "Failed to decode binary credential '%s' data, ignoring: %m", n); log_warning_errno(r, "Failed to decode binary credential '%s' data, ignoring: %m", n);
return 0; return 0;
@ -525,7 +525,7 @@ static int parse_smbios_strings(ImportCredentialContext *c, const char *data, si
/* Optionally base64 decode the data, if requested, to allow binary credentials */ /* Optionally base64 decode the data, if requested, to allow binary credentials */
if (unbase64) { if (unbase64) {
r = unbase64mem(eq + 1, nul - (eq + 1), &buf, &buflen); r = unbase64mem_full(eq + 1, nul - (eq + 1), /* secure = */ false, &buf, &buflen);
if (r < 0) { if (r < 0) {
log_warning_errno(r, "Failed to base64 decode credential '%s', ignoring: %m", cn); log_warning_errno(r, "Failed to base64 decode credential '%s', ignoring: %m", cn);
continue; continue;

View File

@ -1254,7 +1254,7 @@ int config_parse_exec_input_data(
return 0; return 0;
} }
r = unbase64mem(rvalue, SIZE_MAX, &p, &sz); r = unbase64mem(rvalue, &p, &sz);
if (r < 0) { if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to decode base64 data, ignoring: %s", rvalue); "Failed to decode base64 data, ignoring: %s", rvalue);
@ -1748,7 +1748,7 @@ int config_parse_exec_root_hash(
} }
/* We have a roothash to decode, eg: RootHash=012345789abcdef */ /* We have a roothash to decode, eg: RootHash=012345789abcdef */
r = unhexmem(rvalue, strlen(rvalue), &roothash_decoded, &roothash_decoded_size); r = unhexmem(rvalue, &roothash_decoded, &roothash_decoded_size);
if (r < 0) { if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHash=, ignoring: %s", rvalue); log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHash=, ignoring: %s", rvalue);
return 0; return 0;
@ -1816,7 +1816,7 @@ int config_parse_exec_root_hash_sig(
} }
/* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */ /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
r = unbase64mem(value, strlen(value), &roothash_sig_decoded, &roothash_sig_decoded_size); r = unbase64mem(value, &roothash_sig_decoded, &roothash_sig_decoded_size);
if (r < 0) { if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHashSignature=, ignoring: %s", rvalue); log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHashSignature=, ignoring: %s", rvalue);
return 0; return 0;

View File

@ -464,7 +464,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
if (proc_cmdline_value_missing(key, value)) if (proc_cmdline_value_missing(key, value))
return 0; return 0;
r = unbase64mem(value, SIZE_MAX, &p, &sz); r = unbase64mem(value, &p, &sz);
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to parse systemd.random_seed= argument, ignoring: %s", value); log_warning_errno(r, "Failed to parse systemd.random_seed= argument, ignoring: %s", value);

View File

@ -51,7 +51,7 @@ static int search_policy_hash(
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"TPM2 token data lacks 'tpm2-policy-hash' field."); "TPM2 token data lacks 'tpm2-policy-hash' field.");
r = unhexmem(json_variant_string(w), SIZE_MAX, &thash, &thash_size); r = unhexmem(json_variant_string(w), &thash, &thash_size);
if (r < 0) if (r < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Invalid base64 data in 'tpm2-policy-hash' field."); "Invalid base64 data in 'tpm2-policy-hash' field.");

View File

@ -154,7 +154,7 @@ int find_pkcs11_auto_data(
assert(!key); assert(!key);
assert(key_size == 0); assert(key_size == 0);
r = unbase64mem(json_variant_string(w), SIZE_MAX, &key, &key_size); r = unbase64mem(json_variant_string(w), &key, &key_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode base64 encoded key."); return log_error_errno(r, "Failed to decode base64 encoded key.");
} }

View File

@ -172,7 +172,7 @@ _public_ int cryptsetup_token_validate(
return 1; return 1;
} }
r = unbase64mem(json_variant_string(w), SIZE_MAX, NULL, NULL); r = unbase64mem(json_variant_string(w), NULL, NULL);
if (r < 0) if (r < 0)
return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'fido2-credential' field: %m"); return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'fido2-credential' field: %m");
@ -182,7 +182,7 @@ _public_ int cryptsetup_token_validate(
return 1; return 1;
} }
r = unbase64mem(json_variant_string(w), SIZE_MAX, NULL, NULL); r = unbase64mem(json_variant_string(w), NULL, NULL);
if (r < 0) if (r < 0)
return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded salt: %m."); return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded salt: %m.");

View File

@ -136,7 +136,7 @@ _public_ int cryptsetup_token_validate(
return 1; return 1;
} }
r = unbase64mem(json_variant_string(w), SIZE_MAX, NULL, NULL); r = unbase64mem(json_variant_string(w), NULL, NULL);
if (r < 0) if (r < 0)
return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded key: %m."); return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded key: %m.");

View File

@ -309,7 +309,7 @@ _public_ int cryptsetup_token_validate(
return 1; return 1;
} }
r = unbase64mem(json_variant_string(w), SIZE_MAX, NULL, NULL); r = unbase64mem(json_variant_string(w), NULL, NULL);
if (r < 0) if (r < 0)
return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'tpm2-blob' field: %m"); return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'tpm2-blob' field: %m");
@ -319,7 +319,7 @@ _public_ int cryptsetup_token_validate(
return 1; return 1;
} }
r = unhexmem(json_variant_string(w), SIZE_MAX, NULL, NULL); r = unhexmem(json_variant_string(w), NULL, NULL);
if (r < 0) if (r < 0)
return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'tpm2-policy-hash' field: %m"); return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'tpm2-policy-hash' field: %m");

View File

@ -104,7 +104,7 @@ int parse_luks2_fido2_data(
if (!w) if (!w)
return -EINVAL; return -EINVAL;
r = unbase64mem(json_variant_string(w), SIZE_MAX, &cid, &cid_size); r = unbase64mem(json_variant_string(w), &cid, &cid_size);
if (r < 0) if (r < 0)
return crypt_log_error_errno(cd, r, "Failed to parse 'fido2-credentials' field: %m"); return crypt_log_error_errno(cd, r, "Failed to parse 'fido2-credentials' field: %m");
@ -112,7 +112,7 @@ int parse_luks2_fido2_data(
if (!w) if (!w)
return -EINVAL; return -EINVAL;
r = unbase64mem(json_variant_string(w), SIZE_MAX, &salt, &salt_size); r = unbase64mem(json_variant_string(w), &salt, &salt_size);
if (r < 0) if (r < 0)
return crypt_log_error_errno(cd, r, "Failed to parse 'fido2-salt' field: %m"); return crypt_log_error_errno(cd, r, "Failed to parse 'fido2-salt' field: %m");

View File

@ -260,7 +260,7 @@ int parse_luks2_pkcs11_data(
if (!w) if (!w)
return -EINVAL; return -EINVAL;
r = unbase64mem(json_variant_string(w), SIZE_MAX, &key, &key_size); r = unbase64mem(json_variant_string(w), &key, &key_size);
if (r < 0) if (r < 0)
return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded key: %m."); return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded key: %m.");

View File

@ -368,7 +368,7 @@ static int parse_one_option(const char *option) {
_cleanup_free_ void *cid = NULL; _cleanup_free_ void *cid = NULL;
size_t cid_size; size_t cid_size;
r = unbase64mem(val, SIZE_MAX, &cid, &cid_size); r = unbase64mem(val, &cid, &cid_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode FIDO2 CID data: %m"); return log_error_errno(r, "Failed to decode FIDO2 CID data: %m");

View File

@ -423,7 +423,7 @@ static int parse_argv(int argc, char *argv[]) {
_cleanup_free_ void *p = NULL; _cleanup_free_ void *p = NULL;
size_t l; size_t l;
r = unhexmem(optarg, strlen(optarg), &p, &l); r = unhexmem(optarg, &p, &l);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg); return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg);
if (l < sizeof(sd_id128_t)) if (l < sizeof(sd_id128_t))
@ -441,7 +441,7 @@ static int parse_argv(int argc, char *argv[]) {
void *p; void *p;
if ((value = startswith(optarg, "base64:"))) { if ((value = startswith(optarg, "base64:"))) {
r = unbase64mem(value, strlen(value), &p, &l); r = unbase64mem(value, &p, &l);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg); return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
} else { } else {

View File

@ -239,10 +239,11 @@ static int fscrypt_setup(
if (!e) if (!e)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "xattr %s lacks ':' separator: %m", xa); return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "xattr %s lacks ':' separator: %m", xa);
r = unbase64mem(value, e - value, &salt, &salt_size); r = unbase64mem_full(value, e - value, /* secure = */ false, &salt, &salt_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode salt of %s: %m", xa); return log_error_errno(r, "Failed to decode salt of %s: %m", xa);
r = unbase64mem(e+1, n - (e - value) - 1, &encrypted, &encrypted_size);
r = unbase64mem_full(e + 1, n - (e - value) - 1, /* secure = */ false, &encrypted, &encrypted_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode encrypted key of %s: %m", xa); return log_error_errno(r, "Failed to decode encrypted key of %s: %m", xa);

View File

@ -353,7 +353,7 @@ static int parse_argv(int argc, char *argv[]) {
/* If this is not a valid verification mode, maybe it's a literally specified /* If this is not a valid verification mode, maybe it's a literally specified
* SHA256 hash? We can handle that too... */ * SHA256 hash? We can handle that too... */
r = unhexmem(optarg, (size_t) -1, &h, &n); r = unhexmem(optarg, &h, &n);
if (r < 0 || n == 0) if (r < 0 || n == 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Invalid verification setting: %s", optarg); "Invalid verification setting: %s", optarg);

View File

@ -1479,7 +1479,7 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) {
_cleanup_free_ void *data = NULL; _cleanup_free_ void *data = NULL;
size_t data_size; size_t data_size;
r = unhexmem(client_id_hex, SIZE_MAX, &data, &data_size); r = unhexmem(client_id_hex, &data, &data_size);
if (r < 0) if (r < 0)
log_debug_errno(r, "Failed to parse client ID %s, ignoring: %m", client_id_hex); log_debug_errno(r, "Failed to parse client ID %s, ignoring: %m", client_id_hex);
@ -1489,7 +1489,7 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) {
} }
if (vendor_specific_hex) { if (vendor_specific_hex) {
r = unhexmem(vendor_specific_hex, SIZE_MAX, &lease->vendor_specific, &lease->vendor_specific_len); r = unhexmem(vendor_specific_hex, &lease->vendor_specific, &lease->vendor_specific_len);
if (r < 0) if (r < 0)
log_debug_errno(r, "Failed to parse vendor specific data %s, ignoring: %m", vendor_specific_hex); log_debug_errno(r, "Failed to parse vendor specific data %s, ignoring: %m", vendor_specific_hex);
} }
@ -1501,7 +1501,7 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) {
if (!options[i]) if (!options[i])
continue; continue;
r = unhexmem(options[i], SIZE_MAX, &data, &len); r = unhexmem(options[i], &data, &len);
if (r < 0) { if (r < 0) {
log_debug_errno(r, "Failed to parse private DHCP option %s, ignoring: %m", options[i]); log_debug_errno(r, "Failed to parse private DHCP option %s, ignoring: %m", options[i]);
continue; continue;

View File

@ -266,7 +266,7 @@ static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
if (l % 2 != 0) if (l % 2 != 0)
return 0; return 0;
r = unhexmem(p, l, (void **) &token, &len); r = unhexmem_full(p, l, /* secure = */ false, (void**) &token, &len);
if (r < 0) if (r < 0)
return 0; return 0;
@ -298,7 +298,7 @@ static int verify_external_token(sd_bus *b, const char *p, size_t l) {
if (l % 2 != 0) if (l % 2 != 0)
return 0; return 0;
r = unhexmem(p, l, (void**) &token, &len); r = unhexmem_full(p, l, /* secure = */ false, (void**) &token, &len);
if (r < 0) if (r < 0)
return 0; return 0;

View File

@ -1976,7 +1976,7 @@ _public_ int sd_event_add_memory_pressure(
env = secure_getenv("MEMORY_PRESSURE_WRITE"); env = secure_getenv("MEMORY_PRESSURE_WRITE");
if (env) { if (env) {
r = unbase64mem(env, SIZE_MAX, &write_buffer, &write_buffer_size); r = unbase64mem(env, &write_buffer, &write_buffer_size);
if (r < 0) if (r < 0)
return r; return r;
} }

View File

@ -712,7 +712,7 @@ int config_parse_macsec_key(
dest = a ? &a->sa : &b->sa; dest = a ? &a->sa : &b->sa;
r = unhexmem_full(rvalue, strlen(rvalue), true, &p, &l); r = unhexmem_full(rvalue, SIZE_MAX, /* secure = */ true, &p, &l);
if (r < 0) { if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse key. Ignoring assignment: %m"); log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse key. Ignoring assignment: %m");
return 0; return 0;
@ -820,7 +820,7 @@ int config_parse_macsec_key_id(
if (r < 0) if (r < 0)
return log_oom(); return log_oom();
r = unhexmem(rvalue, strlen(rvalue), &p, &l); r = unhexmem(rvalue, &p, &l);
if (r == -ENOMEM) if (r == -ENOMEM)
return log_oom(); return log_oom();
if (r < 0) { if (r < 0) {

View File

@ -1396,7 +1396,7 @@ static int parse_argv(int argc, char *argv[]) {
_cleanup_free_ void *k = NULL; _cleanup_free_ void *k = NULL;
size_t l; size_t l;
r = unhexmem(optarg, strlen(optarg), &k, &l); r = unhexmem(optarg, &k, &l);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to parse root hash: %s", optarg); return log_error_errno(r, "Failed to parse root hash: %s", optarg);
if (l < sizeof(sd_id128_t)) if (l < sizeof(sd_id128_t))
@ -1413,7 +1413,7 @@ static int parse_argv(int argc, char *argv[]) {
void *p; void *p;
if ((value = startswith(optarg, "base64:"))) { if ((value = startswith(optarg, "base64:"))) {
r = unbase64mem(value, strlen(value), &p, &l); r = unbase64mem(value, &p, &l);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg); return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);

View File

@ -362,7 +362,7 @@ int config_parse_dnssd_txt(
case DNS_TXT_ITEM_DATA: case DNS_TXT_ITEM_DATA:
if (value) { if (value) {
r = unbase64mem(value, strlen(value), &decoded, &length); r = unbase64mem(value, &decoded, &length);
if (r == -ENOMEM) if (r == -ENOMEM)
return log_oom(); return log_oom();
if (r < 0) { if (r < 0) {

View File

@ -279,7 +279,7 @@ static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, u
return -EINVAL; return -EINVAL;
} }
r = unhexmem(p, strlen(p), &dd, &l); r = unhexmem(p, &dd, &l);
if (r < 0) { if (r < 0) {
log_warning("Failed to parse DS digest %s on line %s:%u", p, path, line); log_warning("Failed to parse DS digest %s on line %s:%u", p, path, line);
return -EINVAL; return -EINVAL;
@ -338,7 +338,7 @@ static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, u
return -EINVAL; return -EINVAL;
} }
r = unbase64mem(p, strlen(p), &k, &l); r = unbase64mem(p, &k, &l);
if (r < 0) if (r < 0)
return log_warning_errno(r, "Failed to parse DNSKEY key data %s on line %s:%u", p, path, line); return log_warning_errno(r, "Failed to parse DNSKEY key data %s on line %s:%u", p, path, line);

View File

@ -1213,7 +1213,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
_cleanup_free_ void *decoded = NULL; _cleanup_free_ void *decoded = NULL;
size_t decoded_size; size_t decoded_size;
r = unbase64mem(p, SIZE_MAX, &decoded, &decoded_size); r = unbase64mem(p, &decoded, &decoded_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to base64 decode encrypted credential: %m"); return log_error_errno(r, "Failed to base64 decode encrypted credential: %m");
@ -1400,7 +1400,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
_cleanup_free_ void *decoded = NULL; _cleanup_free_ void *decoded = NULL;
size_t sz; size_t sz;
r = unbase64mem(eq, SIZE_MAX, &decoded, &sz); r = unbase64mem(eq, &decoded, &sz);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode base64 data '%s': %m", eq); return log_error_errno(r, "Failed to decode base64 data '%s': %m", eq);
@ -1787,7 +1787,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
return bus_append_string(m, "RootHashPath", eq); return bus_append_string(m, "RootHashPath", eq);
/* We have a roothash to decode, eg: RootHash=012345789abcdef */ /* We have a roothash to decode, eg: RootHash=012345789abcdef */
r = unhexmem(eq, strlen(eq), &roothash_decoded, &roothash_decoded_size); r = unhexmem(eq, &roothash_decoded, &roothash_decoded_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode RootHash= '%s': %m", eq); return log_error_errno(r, "Failed to decode RootHash= '%s': %m", eq);
if (roothash_decoded_size < sizeof(sd_id128_t)) if (roothash_decoded_size < sizeof(sd_id128_t))
@ -1809,7 +1809,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to decode RootHashSignature= '%s', not a path but doesn't start with 'base64:': %m", eq); return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to decode RootHashSignature= '%s', not a path but doesn't start with 'base64:': %m", eq);
/* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */ /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
r = unbase64mem(value, strlen(value), &roothash_sig_decoded, &roothash_sig_decoded_size); r = unbase64mem(value, &roothash_sig_decoded, &roothash_sig_decoded_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode RootHashSignature= '%s': %m", eq); return log_error_errno(r, "Failed to decode RootHashSignature= '%s': %m", eq);

View File

@ -177,7 +177,7 @@ int acquire_fido2_key_auto(
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"FIDO2 token data lacks 'fido2-credential' field."); "FIDO2 token data lacks 'fido2-credential' field.");
r = unbase64mem(json_variant_string(w), SIZE_MAX, &cid, &cid_size); r = unbase64mem(json_variant_string(w), &cid, &cid_size);
if (r < 0) if (r < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Invalid base64 data in 'fido2-credential' field."); "Invalid base64 data in 'fido2-credential' field.");
@ -189,7 +189,7 @@ int acquire_fido2_key_auto(
assert(!salt); assert(!salt);
assert(salt_size == 0); assert(salt_size == 0);
r = unbase64mem(json_variant_string(w), SIZE_MAX, &salt, &salt_size); r = unbase64mem(json_variant_string(w), &salt, &salt_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to decode base64 encoded salt."); return log_error_errno(r, "Failed to decode base64 encoded salt.");

View File

@ -3166,7 +3166,7 @@ int verity_settings_load(
} }
if (text) { if (text) {
r = unhexmem(text, strlen(text), &root_hash, &root_hash_size); r = unhexmem(text, &root_hash, &root_hash_size);
if (r < 0) if (r < 0)
return r; return r;
if (root_hash_size < sizeof(sd_id128_t)) if (root_hash_size < sizeof(sd_id128_t))
@ -3320,7 +3320,7 @@ int dissected_image_load_verity_sig_partition(
if (!json_variant_is_string(rh)) if (!json_variant_is_string(rh))
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'rootHash' field of signature JSON object is not a string."); return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'rootHash' field of signature JSON object is not a string.");
r = unhexmem(json_variant_string(rh), SIZE_MAX, &root_hash, &root_hash_size); r = unhexmem(json_variant_string(rh), &root_hash, &root_hash_size);
if (r < 0) if (r < 0)
return log_debug_errno(r, "Failed to parse root hash field: %m"); return log_debug_errno(r, "Failed to parse root hash field: %m");
@ -3341,7 +3341,7 @@ int dissected_image_load_verity_sig_partition(
if (!json_variant_is_string(sig)) if (!json_variant_is_string(sig))
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'signature' field of signature JSON object is not a string."); return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'signature' field of signature JSON object is not a string.");
r = unbase64mem(json_variant_string(sig), SIZE_MAX, &root_hash_sig, &root_hash_sig_size); r = unbase64mem(json_variant_string(sig), &root_hash_sig, &root_hash_sig_size);
if (r < 0) if (r < 0)
return log_debug_errno(r, "Failed to parse signature field: %m"); return log_debug_errno(r, "Failed to parse signature field: %m");

View File

@ -5139,14 +5139,14 @@ int json_variant_unbase64(JsonVariant *v, void **ret, size_t *ret_size) {
if (!json_variant_is_string(v)) if (!json_variant_is_string(v))
return -EINVAL; return -EINVAL;
return unbase64mem(json_variant_string(v), SIZE_MAX, ret, ret_size); return unbase64mem(json_variant_string(v), ret, ret_size);
} }
int json_variant_unhex(JsonVariant *v, void **ret, size_t *ret_size) { int json_variant_unhex(JsonVariant *v, void **ret, size_t *ret_size) {
if (!json_variant_is_string(v)) if (!json_variant_is_string(v))
return -EINVAL; return -EINVAL;
return unhexmem(json_variant_string(v), SIZE_MAX, ret, ret_size); return unhexmem(json_variant_string(v), ret, ret_size);
} }
static const char* const json_variant_type_table[_JSON_VARIANT_TYPE_MAX] = { static const char* const json_variant_type_table[_JSON_VARIANT_TYPE_MAX] = {

View File

@ -79,7 +79,7 @@ bool can_memlock(void);
#define DEFINE_HEX_PTR(name, hex) \ #define DEFINE_HEX_PTR(name, hex) \
_cleanup_free_ void *name = NULL; \ _cleanup_free_ void *name = NULL; \
size_t name##_len = 0; \ size_t name##_len = 0; \
assert_se(unhexmem(hex, strlen_ptr(hex), &name, &name##_len) >= 0); assert_se(unhexmem_full(hex, strlen_ptr(hex), false, &name, &name##_len) >= 0);
#define TEST_REQ_RUNNING_SYSTEMD(x) \ #define TEST_REQ_RUNNING_SYSTEMD(x) \
if (sd_booted() > 0) { \ if (sd_booted() > 0) { \

View File

@ -1875,7 +1875,7 @@ int tpm2_pcr_value_from_string(const char *arg, Tpm2PCRValue *ret_pcr_value) {
_cleanup_free_ void *buf = NULL; _cleanup_free_ void *buf = NULL;
size_t buf_size = 0; size_t buf_size = 0;
r = unhexmem(p, SIZE_MAX, &buf, &buf_size); r = unhexmem(p, &buf, &buf_size);
if (r < 0) if (r < 0)
return log_debug_errno(r, "Invalid pcr hash value '%s': %m", p); return log_debug_errno(r, "Invalid pcr hash value '%s': %m", p);

View File

@ -711,7 +711,7 @@ static int dispatch_pkcs11_key_data(const char *name, JsonVariant *variant, Json
if (!json_variant_is_string(variant)) if (!json_variant_is_string(variant))
return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l); r = unbase64mem(json_variant_string(variant), &b, &l);
if (r < 0) if (r < 0)
return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m"); return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m");
@ -778,7 +778,7 @@ static int dispatch_fido2_hmac_credential(const char *name, JsonVariant *variant
if (!json_variant_is_string(variant)) if (!json_variant_is_string(variant))
return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l); r = unbase64mem(json_variant_string(variant), &b, &l);
if (r < 0) if (r < 0)
return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m"); return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
@ -808,7 +808,7 @@ static int dispatch_fido2_hmac_credential_array(const char *name, JsonVariant *v
if (!array) if (!array)
return log_oom(); return log_oom();
r = unbase64mem(json_variant_string(e), SIZE_MAX, &b, &l); r = unbase64mem(json_variant_string(e), &b, &l);
if (r < 0) if (r < 0)
return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m"); return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
@ -838,7 +838,7 @@ static int dispatch_fido2_hmac_salt_value(const char *name, JsonVariant *variant
if (!json_variant_is_string(variant)) if (!json_variant_is_string(variant))
return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l); r = unbase64mem(json_variant_string(variant), &b, &l);
if (r < 0) if (r < 0)
return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m"); return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m");

View File

@ -404,7 +404,7 @@ int pattern_match(const char *pattern, const char *s, InstanceMetadata *ret) {
if (strlen(t) != sizeof(found.sha256sum) * 2) if (strlen(t) != sizeof(found.sha256sum) * 2)
goto nope; goto nope;
r = unhexmem(t, sizeof(found.sha256sum) * 2, &d, &l); r = unhexmem_full(t, sizeof(found.sha256sum) * 2, /* secure = */ false, &d, &l);
if (r == -ENOMEM) if (r == -ENOMEM)
return r; return r;
if (r < 0) if (r < 0)

View File

@ -398,7 +398,7 @@ static int resource_load_from_web(
if (p[0] == '\\') if (p[0] == '\\')
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "File names with escapes not supported in manifest at line %zu, refusing.", line_nr); return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "File names with escapes not supported in manifest at line %zu, refusing.", line_nr);
r = unhexmem(p, 64, &h, &hlen); r = unhexmem_full(p, 64, /* secure = */ false, &h, &hlen);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to parse digest at manifest line %zu, refusing.", line_nr); return log_error_errno(r, "Failed to parse digest at manifest line %zu, refusing.", line_nr);

View File

@ -82,7 +82,7 @@ static void test_hexmem_one(const char *in, const char *expected) {
log_debug("hexmem(\"%s\") → \"%s\" (expected: \"%s\")", strnull(in), result, expected); log_debug("hexmem(\"%s\") → \"%s\" (expected: \"%s\")", strnull(in), result, expected);
assert_se(streq(result, expected)); assert_se(streq(result, expected));
assert_se(unhexmem(result, SIZE_MAX, &mem, &len) >= 0); assert_se(unhexmem(result, &mem, &len) >= 0);
assert_se(memcmp_safe(mem, in, len) == 0); assert_se(memcmp_safe(mem, in, len) == 0);
} }
@ -97,7 +97,7 @@ static void test_unhexmem_one(const char *s, size_t l, int retval) {
_cleanup_free_ void *mem = NULL; _cleanup_free_ void *mem = NULL;
size_t len; size_t len;
assert_se(unhexmem(s, l, &mem, &len) == retval); assert_se(unhexmem_full(s, l, /* secure = */ false, &mem, &len) == retval);
if (retval == 0) { if (retval == 0) {
char *answer; char *answer;
@ -318,7 +318,7 @@ TEST(base64mem_linebreak) {
assert_se(encoded); assert_se(encoded);
assert_se((size_t) l == strlen(encoded)); assert_se((size_t) l == strlen(encoded));
assert_se(unbase64mem(encoded, SIZE_MAX, &decoded, &decoded_size) >= 0); assert_se(unbase64mem(encoded, &decoded, &decoded_size) >= 0);
assert_se(decoded_size == n); assert_se(decoded_size == n);
assert_se(memcmp(data, decoded, n) == 0); assert_se(memcmp(data, decoded, n) == 0);
@ -452,7 +452,7 @@ static void test_unbase64mem_one(const char *input, const char *output, int ret)
_cleanup_free_ void *buffer = NULL; _cleanup_free_ void *buffer = NULL;
size_t size = 0; size_t size = 0;
assert_se(unbase64mem(input, SIZE_MAX, &buffer, &size) == ret); assert_se(unbase64mem(input, &buffer, &size) == ret);
if (ret >= 0) { if (ret >= 0) {
assert_se(size == strlen(output)); assert_se(size == strlen(output));
assert_se(memcmp(buffer, output, size) == 0); assert_se(memcmp(buffer, output, size) == 0);
@ -533,12 +533,12 @@ TEST(base64withwithouturl) {
size_t size; size_t size;
/* This is regular base64 */ /* This is regular base64 */
assert_se(unbase64mem("zKFyIq7aZn4EpuCCmpcF9jPgD8JFE1g/xfT0Mas8X4M0WycyigRsQ4IH4yysufus0AORQsuk3oeGhRC7t1tLyKD0Ih0VcYedv5+p8e6itqrIwzecu98+rNyUVDhWBzS0PMwxEw==", SIZE_MAX, &buffer, &size) >= 0); assert_se(unbase64mem("zKFyIq7aZn4EpuCCmpcF9jPgD8JFE1g/xfT0Mas8X4M0WycyigRsQ4IH4yysufus0AORQsuk3oeGhRC7t1tLyKD0Ih0VcYedv5+p8e6itqrIwzecu98+rNyUVDhWBzS0PMwxEw==", &buffer, &size) >= 0);
assert_se(memcmp_nn(plaintext, sizeof(plaintext), buffer, size) == 0); assert_se(memcmp_nn(plaintext, sizeof(plaintext), buffer, size) == 0);
buffer = mfree(buffer); buffer = mfree(buffer);
/* This is the same but in base64url */ /* This is the same but in base64url */
assert_se(unbase64mem("zKFyIq7aZn4EpuCCmpcF9jPgD8JFE1g_xfT0Mas8X4M0WycyigRsQ4IH4yysufus0AORQsuk3oeGhRC7t1tLyKD0Ih0VcYedv5-p8e6itqrIwzecu98-rNyUVDhWBzS0PMwxEw==", SIZE_MAX, &buffer, &size) >= 0); assert_se(unbase64mem("zKFyIq7aZn4EpuCCmpcF9jPgD8JFE1g_xfT0Mas8X4M0WycyigRsQ4IH4yysufus0AORQsuk3oeGhRC7t1tLyKD0Ih0VcYedv5-p8e6itqrIwzecu98-rNyUVDhWBzS0PMwxEw==", &buffer, &size) >= 0);
assert_se(memcmp_nn(plaintext, sizeof(plaintext), buffer, size) == 0); assert_se(memcmp_nn(plaintext, sizeof(plaintext), buffer, size) == 0);
/* Hint: use xxd -i to generate the static C array from some data, and basenc --base64 + basenc /* Hint: use xxd -i to generate the static C array from some data, and basenc --base64 + basenc

View File

@ -3795,7 +3795,8 @@ static int parse_line(
_cleanup_free_ void *data = NULL; _cleanup_free_ void *data = NULL;
size_t data_size = 0; size_t data_size = 0;
r = unbase64mem(item_binary_argument(&i), item_binary_argument_size(&i), &data, &data_size); r = unbase64mem_full(item_binary_argument(&i), item_binary_argument_size(&i), /* secure = */ false,
&data, &data_size);
if (r < 0) if (r < 0)
return log_syntax(NULL, LOG_ERR, fname, line, r, "Failed to base64 decode specified argument '%s': %m", i.argument); return log_syntax(NULL, LOG_ERR, fname, line, r, "Failed to base64 decode specified argument '%s': %m", i.argument);

View File

@ -252,7 +252,7 @@ static int determine_device(
if (*data_what && *hash_what) if (*data_what && *hash_what)
return 0; return 0;
r = unhexmem(hash, strlen(hash), &m, &l); r = unhexmem(hash, &m, &l);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to parse hash: %s", hash); return log_error_errno(r, "Failed to parse hash: %s", hash);
if (l < sizeof(sd_id128_t)) { if (l < sizeof(sd_id128_t)) {

View File

@ -205,7 +205,7 @@ static int parse_options(const char *options) {
size_t l; size_t l;
void *m; void *m;
r = unhexmem(val, strlen(val), &m, &l); r = unhexmem(val, &m, &l);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to parse salt '%s': %m", word); return log_error_errno(r, "Failed to parse salt '%s': %m", word);
@ -312,7 +312,7 @@ static int run(int argc, char *argv[]) {
if (!filename_is_valid(volume)) if (!filename_is_valid(volume))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume); return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
r = unhexmem(root_hash, SIZE_MAX, &m, &l); r = unhexmem(root_hash, &m, &l);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to parse root hash: %m"); return log_error_errno(r, "Failed to parse root hash: %m");
@ -378,7 +378,7 @@ static int run(int argc, char *argv[]) {
char *value; char *value;
if ((value = startswith(arg_root_hash_signature, "base64:"))) { if ((value = startswith(arg_root_hash_signature, "base64:"))) {
r = unbase64mem(value, strlen(value), (void *)&hash_sig, &hash_sig_size); r = unbase64mem(value, (void*) &hash_sig, &hash_sig_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to parse root hash signature '%s': %m", arg_root_hash_signature); return log_error_errno(r, "Failed to parse root hash signature '%s': %m", arg_root_hash_signature);
} else { } else {