authorSamuel Lidén Borell <samuel@slbdata.se>2010-02-23 14:51:41 +0100
committerSamuel Lidén Borell <samuel@slbdata.se>2010-02-23 14:51:41 +0100
commit34e19607424673d7fbf36380dd5e77eb8f994046 (patch)
tree0472ac7a949725b44c7052cafe7ba475d6c16da7
parent9ac14e115a8cf5cc0771de30879efb74a4028d40 (diff)
Fix some bugs from the second last patch
These changes fix two bugs from the secure memory patch, 2605e8dd6ffd0b8cc710a3f91d58192cd510473a. The one in gtk.c was caused by the password variable being dereferenced after it had been indexed (an operator precedence problem). This could cause a crash. The one in main.c was a logic error where an error message was sent as a parameter to the plugin. However, the plugin expects this parameter to be the Signature, so this was wrong (but hard to spot!). I also changed the secmem_init_pool function to reset the pool pointer to NULL if mmap fails, to avoid errors later on.
-rw-r--r--client/gtk.c6
-rw-r--r--client/main.c4
-rw-r--r--client/platform.h2
-rw-r--r--client/secmem.c4
4 files changed, 9 insertions, 7 deletions
diff --git a/client/gtk.c b/client/gtk.c
index 786d2c5..bb1ae3f 100644
--- a/client/gtk.c
+++ b/client/gtk.c
@@ -345,7 +345,7 @@ static void selectExternalFile() {
* the selected subject.
*/
bool platform_sign(char **signature, int *siglen, KeyfileSubject **person,
- char **password, int password_maxlen) {
+ char *password, int password_maxlen) {
guint response;
// Restrict the password to the length of the preallocated
@@ -380,9 +380,9 @@ bool platform_sign(char **signature, int *siglen, KeyfileSubject **person,
}
// Copy the password to the secure buffer
- strncpy(*password, gtk_entry_get_text(passwordEntry), password_maxlen-1);
+ strncpy(password, gtk_entry_get_text(passwordEntry), password_maxlen-1);
// Be sure to terminate this under all circumstances
- *password[password_maxlen-1] = '\0';
+ password[password_maxlen-1] = '\0';
return true;
} else {
// User pressed cancel or closed the dialog
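Review bot: Nothing visible in `platform_sign` checks `password_maxlen` before `strncpy(password, ..., password_maxlen-1)` and `password[password_maxlen-1] = '\0'`; with a length of 0 or less, the size argument converts to a huge unsigned value and the terminator is written before the start of the buffer. The caller in main.c rejects a zero size, but the function is declared in platform.h, so a guard such as `if (!password || password_maxlen <= 0) return false;` near the top would make it safe on its own (assuming `false` is an acceptable result there). Separately, `gtk_entry_get_text` returns the entry's own buffer, which is ordinary heap memory, so copying into the secure buffer does not protect the widget's copy; whether the entry is cleared afterwards is not visible here. The function body starts and ends outside this hunk.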
diff --git a/client/main.c b/client/main.c
index 82fad03..7057b6b 100644
--- a/client/main.c
+++ b/client/main.c
@@ -95,7 +95,7 @@ void pipeData() {
password = secmem_get_page(&password_maxsize);
if (!password || !password_maxsize) {
pipe_sendInt(stdout, BIDERR_InternalError);
- pipe_sendString(stdout, "Out of secure memory!\n");
+ pipe_sendString(stdout, "");
pipe_flush(stdout);
platform_leaveMainloop();
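Review bot: The empty string in `pipe_sendString(stdout, "")` carries no hint of why it is sent, and the commit message itself calls the original mistake hard to spot. A comment such as `// The plugin reads the signature after the error code; send an empty one` would keep a later maintainer from putting a message back in this slot. The out-of-secure-memory cause is now reported only as `BIDERR_InternalError`, so if the project has a diagnostic channel other than this pipe, recording the cause there would help troubleshooting.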
@@ -121,7 +121,7 @@ void pipeData() {
platform_versionExpiredError();
}
- while (platform_sign(&p12Data, &p12Length, &person, &password, password_maxsize)) {
+ while (platform_sign(&p12Data, &p12Length, &person, password, password_maxsize)) {
// Try to authenticate/sign
if (command == PMC_Authenticate) {
error = bankid_authenticate(p12Data, p12Length, person, password,
diff --git a/client/platform.h b/client/platform.h
index d2231e7..b412c01 100644
--- a/client/platform.h
+++ b/client/platform.h
@@ -94,7 +94,7 @@ void platform_startSign(const char *url, const char *hostname, const char *ip,
void platform_endSign();
void platform_setMessage(const char *message);
bool platform_sign(char **signature, int *siglen, char **person,
- char **password, int password_maxlen);
+ char *password, int password_maxlen);
void platform_signError();
void platform_versionExpiredError();
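Review bot: The prototype declares the third parameter as `char **person`, while the definition in client/gtk.c in this same commit has `KeyfileSubject **person`. Unless `KeyfileSubject` is a typedef of `char`, declaration and definition disagree, and callers compiled against the header are not type-checked against the real signature. Since this declaration is being edited anyway, it could be aligned with the definition. A short comment stating that `password` must point to a caller-owned buffer of at least `password_maxlen` bytes (the secure page obtained in main.c) would also document the new contract.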
diff --git a/client/secmem.c b/client/secmem.c
index 72d36cd..c39d615 100644
--- a/client/secmem.c
+++ b/client/secmem.c
@@ -78,8 +78,10 @@ bool secmem_init_pool(void)
PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS,
-1, 0);
- if (pool == MAP_FAILED)
+ if (pool == MAP_FAILED) {
+ pool = NULL;
return true;
+ }
// Lock this pool from any swapping!
err = mlock(pool, poolsize);
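Review bot: The `mlock(pool, poolsize)` call just below has the same stale-pointer hazard that this hunk fixes for `mmap`. If its failure path, which lies outside the hunk, leaves `pool` set, later allocations could be served from memory that is mapped but not locked against swapping. If that path does not already do so, it should run `munmap(pool, poolsize); pool = NULL;` before returning the error. In addition, `return true` on the failure branch reads as success to most C programmers, so a one-line comment on `secmem_init_pool` stating its return convention would prevent a caller from inverting the check.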