Added slightly better memory management after using meson […] -Db_sanitize=address.

Heiko Reese
2021-09-12 21:47:57 +02:00
parent 643f1a6719
commit 15de3a6204
4 changed files with 11 additions and 14 deletions


@ -7,9 +7,6 @@
#include <sodium.h> #include <sodium.h>
#include "common.h" #include "common.h"
//#define MIN_KEY_SIZE (crypto_box_SECRETKEYBYTES < crypto_box_PUBLICKEYBYTES ? crypto_box_SECRETKEYBYTES : crypto_box_PUBLICKEYBYTES)
//#define MAX_KEY_SIZE (crypto_box_SECRETKEYBYTES > crypto_box_PUBLICKEYBYTES ? crypto_box_SECRETKEYBYTES : crypto_box_PUBLICKEYBYTES)
char *read_first_line(const char *filename) { char *read_first_line(const char *filename) {
FILE *stream; FILE *stream;
char *cipherstring; char *cipherstring;


@ -7,10 +7,6 @@
#include <stdbool.h> #include <stdbool.h>
#include "common.c" #include "common.c"
/* A note on memory management: this code lacks calls to free() for every malloc()ed piece of memory. This is deliberate
* as these processes are short-lived and calling free() right before an exit() seems kind of moot.
*/
#define ENVVAR_SK_NAME "LIBEXIM_SECRETKEY" #define ENVVAR_SK_NAME "LIBEXIM_SECRETKEY"
#define ENVVAR_PK_NAME "LIBEXIM_PUBLICKEY" #define ENVVAR_PK_NAME "LIBEXIM_PUBLICKEY"
@ -144,8 +140,8 @@ int main(int argc, char *argv[]) {
// read first non-option argument as ciphertext if present // read first non-option argument as ciphertext if present
if (optind < argc) { if (optind < argc) {
size_t b64cipherstring_len = strlen(argv[optind]); size_t b64cipherstring_len = strlen(argv[optind]);
b64cipherstring = malloc(b64cipherstring_len); b64cipherstring = malloc(b64cipherstring_len + 1);
sodium_memzero(b64cipherstring, b64cipherstring_len); sodium_memzero(b64cipherstring, b64cipherstring_len + 1);
strncpy(b64cipherstring, argv[optind], b64cipherstring_len); strncpy(b64cipherstring, argv[optind], b64cipherstring_len);
input |= INSTRING; input |= INSTRING;
} }
@ -187,6 +183,8 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "[ERROR] Unable to base64-decode ciphertext.\n\n"); fprintf(stderr, "[ERROR] Unable to base64-decode ciphertext.\n\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
free(b64cipherstring);
// prepare buffer for cleartext // prepare buffer for cleartext
size_t cleartext_len = cipherstring_len - crypto_box_SEALBYTES; size_t cleartext_len = cipherstring_len - crypto_box_SEALBYTES;
unsigned char *cleartext = (unsigned char *) malloc(cleartext_len + 1); unsigned char *cleartext = (unsigned char *) malloc(cleartext_len + 1);
@ -204,4 +202,7 @@ int main(int argc, char *argv[]) {
} else { } else {
fprintf(stdout, "%s", (const char *) cleartext); fprintf(stdout, "%s", (const char *) cleartext);
} }
free(cleartext);
exit(EXIT_SUCCESS);
} }
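Review bot: The resized allocation in the `optind < argc` branch is still used unchecked: the result of `malloc(b64cipherstring_len + 1)` goes straight into `sodium_memzero` and `strncpy`, so a failed allocation turns into a write through NULL. A guard such as `if (b64cipherstring == NULL) { perror("malloc"); exit(EXIT_FAILURE); }` directly after the `malloc` closes that. The zero-then-`strncpy` pair could then become a single `memcpy(b64cipherstring, argv[optind], b64cipherstring_len + 1);`, which copies the terminator explicitly instead of relying on the pre-zeroed last byte. The later `free(b64cipherstring)` is unconditional, and whether the pointer is heap-allocated (or initialised to NULL) on the input paths that skip this branch is not visible here, since main starts and ends outside these hunks.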


@ -7,10 +7,6 @@
#include <stdbool.h> #include <stdbool.h>
#include "common.c" #include "common.c"
/* A note on memory management: this code lacks calls to free() for every malloc()ed piece of memory. This is deliberate
* as these processes are short-lived and calling free() right before an exit() seems kind of moot.
*/
#define ENVVAR_PASSWORD_NAME "LIBEXIM_PASSWORD" #define ENVVAR_PASSWORD_NAME "LIBEXIM_PASSWORD"
void print_usage(char *progname) { void print_usage(char *progname) {
@ -162,4 +158,7 @@ int main(int argc, char *argv[]) {
} else { } else {
fprintf(stdout, "%s", (const char *) cleartext); fprintf(stdout, "%s", (const char *) cleartext);
} }
free(cleartext);
exit(EXIT_SUCCESS);
} }
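Review bot: `free(cleartext)` at the end of main releases the decrypted plaintext without clearing it, so the bytes remain in the freed heap chunk until the process exits. The program already links libsodium, so a `sodium_memzero(cleartext, cleartext_len + 1);` immediately before the `free` would cover it; the allocation is outside this hunk, so the length expression has to match whatever main actually allocated. The same applies to the `free(cleartext)` added at the end of main in the previous file section, where the buffer is visibly `cleartext_len + 1` bytes. Because the plaintext is also written to stdout this is hardening rather than a leak fix, and it presumably matters more for any password or key buffers main holds, which are not visible here.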


@ -28,5 +28,5 @@ DECRYPTED=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal_open
if [ "${CLEARTEXT}" == "${DECRYPTED}" ] ; then if [ "${CLEARTEXT}" == "${DECRYPTED}" ] ; then
echo "ok 2 - sealed_box test successful" echo "ok 2 - sealed_box test successful"
else else
echo "ok 2 - sealed_box test unsuccessful" echo "not ok 2 - sealed_box test unsuccessful"
fi fi