Commit d0f1dc65 authored by Thomas Haller's avatar Thomas Haller

core: ensure NUL terminated secret_key buffer

The secret_key is binary random data, so one shouldn't ever use it as a
NUL terminated string directly.

Still, just ensure that the entire buffer is always NUL terminated.
parent 5f5f75ce
......@@ -2820,7 +2820,7 @@ nm_utils_secret_key_read (gsize *out_key_len, GError **error)
/* RFC7217 mandates the key SHOULD be at least 128 bits.
* Let's use twice as much. */
key_len = 32;
secret_key = g_malloc (key_len);
secret_key = g_malloc (key_len + 1);
if (!nm_utils_random_bytes (secret_key, key_len)) {
g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
......@@ -2829,6 +2829,10 @@ nm_utils_secret_key_read (gsize *out_key_len, GError **error)
goto out;
}
/* the secret-key is binary. Still, ensure that it's NULL terminated, just like
* g_file_set_contents() does. */
secret_key[32] = '\0';
key_mask = umask (0077);
if (!g_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, error)) {
g_prefix_error (error, "Can't write " NMSTATEDIR "/secret_key: ");
......
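Review bot: The terminator write `secret_key[32] = '\0';` hard-codes the index, while the allocation in the first hunk is sized as `g_malloc (key_len + 1)`. If `key_len` is ever changed, the write lands either past the end of the buffer or inside the key material, so it should be `secret_key[key_len] = '\0';`. The comment above it says "NULL terminated" and cites g_file_set_contents(), but the GLib call that appends a trailing NUL to the buffer it returns is g_file_get_contents(), so presumably the comment should read `/* the secret-key is binary. Still, ensure that it's NUL terminated, just like g_file_get_contents() does. */`. nm_utils_secret_key_read starts and ends outside both hunks, so whether the read-from-file path and the `out:` cleanup handle the buffer consistently cannot be checked from here.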