From a6c6169122c30ad51289e38b6c217d6a82d5c9ae Mon Sep 17 00:00:00 2001
From: Heiko Reese
Date: Sat, 11 Sep 2021 14:40:43 +0200
Subject: [PATCH] Seitched mmap-based file reader against getline which also works with pipes.
---
 ci_container/build.sh | 2 +
 src/common.c | 62 +++++--------------
 ...libexim-encrypt-dlfunc-decrypt-secretbox.c | 5 +-
 ...ibexim-encrypt-dlfunc-decrypt-secretbox.sh | 11 ++--
 4 files changed, 26 insertions(+), 54 deletions(-)
diff --git a/ci_container/build.sh b/ci_container/build.sh
index da63c15..945fd39 100755
--- a/ci_container/build.sh
+++ b/ci_container/build.sh
@@ -66,6 +66,8 @@ for i in "${images[@]}"; do
 git-buildpackage \
 debsigs \
 gpgv1; \
+ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install -y \
+ vim; \
 rm -rf /var/lib/apt/lists/*;'
 buildah run "$ctr" /bin/sh -c \
 'pip3 install meson ninja; \
diff --git a/src/common.c b/src/common.c
index 12d5c90..cd4569d 100644
--- a/src/common.c
+++ b/src/common.c
@@ -1,67 +1,37 @@ -#include -#include -#include -#include +#define _GNU_SOURCE + +#include +#include #include #include #include "common.h" char *read_first_line(const char *filename) { - int fd; - char *endptr; + FILE *stream; char *cipherstring; + size_t len = 0; + ssize_t nread; // open file - fd = open(filename, O_RDONLY, (mode_t) 0600); - if (fd == -1) { + stream = fopen(filename, "r"); + if (stream == NULL) { perror("Error opening file"); exit(EXIT_FAILURE); } - // get length - struct stat fileInfo = {0}; - if (fstat(fd, &fileInfo) == -1) { - perror("Error getting the file size"); - exit(EXIT_FAILURE); - } - if (fileInfo.st_size == 0) { - fprintf(stderr, "Error: File is empty, nothing to do\n"); - exit(EXIT_FAILURE); - } - // mmap file - char *map = mmap(0, fileInfo.st_size, PROT_READ, MAP_SHARED, fd, 0); - if (map == MAP_FAILED) - { - close(fd); - perror("Error mmapping the file"); - exit(EXIT_FAILURE); - } - // find first line - endptr = strchrnul(map, 0x0a); - size_t cipherstring_len = endptr - map; - cipherstring = malloc(cipherstring_len+1); - strncpy(cipherstring, map, cipherstring_len); + nread = getline(&cipherstring, &len, stream); - // munmap and close file - if (munmap(map, fileInfo.st_size) == -1) { - close(fd); - perror("Error un-mmapping the file"); - exit(EXIT_FAILURE); + if (nread == -1) { + perror("getline: "); } - close(fd); - + fclose(stream); return cipherstring; } -void base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen) { +int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen) { size_t input_len = strlen(input); size_t outmaxlen = input_len / 4 * 3; *outstring = malloc(outmaxlen * sizeof(unsigned char)); - fprintf(stderr, " Input: |%s| [%zu]\n", input, input_len); - int b64err = sodium_base642bin(*outstring, outmaxlen, (const char *) input, input_len, - NULL, outlen, NULL, sodium_base64_VARIANT_ORIGINAL); - if (b64err != 0) { - fprintf(stderr, "[ERROR] Unable to base64-decode 
the password\n"); - exit(EXIT_FAILURE); - } + return sodium_base642bin(*outstring, outmaxlen, (const char *) input, input_len, + NULL, outlen, NULL, sodium_base64_VARIANT_ORIGINAL); } \ No newline at end of file diff --git a/src/libexim-encrypt-dlfunc-decrypt-secretbox.c b/src/libexim-encrypt-dlfunc-decrypt-secretbox.c index 66271c9..00da0ee 100644 --- a/src/libexim-encrypt-dlfunc-decrypt-secretbox.c +++ b/src/libexim-encrypt-dlfunc-decrypt-secretbox.c @@ -125,7 +125,10 @@ int main(int argc, char *argv[]) { // base64-decode input unsigned char *ciphertext; size_t ciphertext_len; - base64_decode_string(cipherstring, &ciphertext, &ciphertext_len); + if (base64_decode_string(cipherstring, &ciphertext, &ciphertext_len) != 0) { + fprintf(stderr, "[ERROR] Unable to base64-decode ciphertext.\n\n"); + exit(EXIT_FAILURE); + }; // extract nonce unsigned char nonce[crypto_secretbox_NONCEBYTES]; diff --git a/src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh b/src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh index c255510..6ec3c48 100755 --- a/src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh +++ b/src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh 
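Review bot: In src/common.c, `read_first_line` passes `cipherstring` to `getline()` uninitialized; getline expects `*lineptr` to be NULL or a malloc'd buffer, and only some libc implementations ignore the pointer when `len` is 0, so on others this may reallocate a garbage pointer. When `getline()` returns -1 the function still returns the buffer after `perror`, so an empty or unreadable input hands the caller memory with unspecified contents (the removed code exited on an empty file), and at plain EOF `errno` is not set, so the perror text can mislead. getline also keeps the trailing newline that the old `strchrnul` code cut off; because `sodium_base642bin` is called with a NULL ignore set, a file ending in a newline will probably fail to decode unless a caller outside this hunk strips it. In `base64_decode_string` the `malloc` result is still used unchecked, which deserves a NULL test before the decode call.

```c
char *read_first_line(const char *filename) {
    FILE *stream;
    char *cipherstring = NULL;   /* getline() may only be given NULL or a malloc'd buffer */
    size_t len = 0;
    ssize_t nread;

    /* … unchanged: fopen and its error check … */

    nread = getline(&cipherstring, &len, stream);
    if (nread == -1) {
        /* covers both a read error and an empty input; never return the buffer here */
        fprintf(stderr, "Error: could not read a line from input\n");
        free(cipherstring);
        fclose(stream);
        exit(EXIT_FAILURE);
    }
    /* drop the line terminator so the base64 decoder sees only the payload */
    if (nread > 0 && cipherstring[nread - 1] == '\n') {
        cipherstring[nread - 1] = '\0';
    }
    fclose(stream);
    return cipherstring;
}
```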
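Review bot: In src/libexim-encrypt-dlfunc-decrypt-secretbox.c, the new check in `main` rejects only a failed decode; nothing in this hunk verifies that `ciphertext_len` is large enough before the nonce extraction that follows. A short but well-formed base64 input could then cause a read past the decoded buffer, unless a length check exists further down in `main`, which continues outside the hunk and should be confirmed. A guard such as `if (ciphertext_len < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) { /* report and exit */ }` directly after the decode would make that explicit. The closing `};` of the new block carries a stray semicolon; `}` is enough.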
@@ -15,24 +15,21 @@ CIPHERTEXT_FILE02="$(mktemp)" echo -n "${TEST_CIPHERTEXT01}" > "${CIPHERTEXT_FILE01}" echo -n "${TEST_CIPHERTEXT02}" > "${CIPHERTEXT_FILE02}" -export LIBEXIM_PASSWORD="${TEST_PASSWORD}" -#DECRYPTED01="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})" -DECRYPTED01="$(src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})" +DECRYPTED01="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})" if [ "${DECRYPTED01}" == "${TEST_CLEARTEXT}" ] ; then echo "ok 1 - decrypt commandline argument with password from environment successful" else echo "not ok 1 - decrypt commandline argument with password from environment unsuccessful" fi -#DECRYPTED02="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})" -DECRYPTED02="$(src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})" +DECRYPTED02="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})" if [ "${DECRYPTED02}" == "${TEST_CLEARTEXT}" ] ; then echo "ok 2 - decrypt file contents with password from environment successful" else echo "not ok 2 - decrypt file contents with password from environment unsuccessful" fi -#unset LIBEXIM_PASSWORD -export -n LIBEXIM_PASSWORD + +unset LIBEXIM_PASSWORD DECRYPTED03="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} ${TEST_CIPHERTEXT02})" if [ "${DECRYPTED03}" == "${TEST_CLEARTEXT}" ] ; then