Seitched mmap-based file reader against getline which also works with pipes.

ci_container/build.sh

@@ -66,6 +66,8 @@ for i in "${images[@]}"; do
 	    git-buildpackage \
 	    debsigs \
 	    gpgv1; \
+	DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install -y \
+	    vim; \
 	rm -rf /var/lib/apt/lists/*;'
 	buildah run "$ctr" /bin/sh -c \
 	    'pip3 install meson ninja; \

src/common.c

@@ -1,67 +1,37 @@
-#include <sys/mman.h>
+#define _GNU_SOURCE
-#include <sys/stat.h>
+
-#include <fcntl.h>
+#include <stdio.h>
-#include <unistd.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sodium.h>
 #include "common.h"
 
 char *read_first_line(const char *filename) {
-    int fd;
+    FILE *stream;
-    char *endptr;
     char *cipherstring;
+    size_t len = 0;
+    ssize_t nread;
 
     // open file
-    fd = open(filename, O_RDONLY, (mode_t) 0600);
+    stream = fopen(filename, "r");
-    if (fd == -1) {
+    if (stream == NULL) {
         perror("Error opening file");
         exit(EXIT_FAILURE);
     }
-    // get length
-    struct stat fileInfo = {0};
-    if (fstat(fd, &fileInfo) == -1) {
-        perror("Error getting the file size");
-        exit(EXIT_FAILURE);
-    }
-    if (fileInfo.st_size == 0) {
-        fprintf(stderr, "Error: File is empty, nothing to do\n");
-        exit(EXIT_FAILURE);
-    }
-    // mmap file
-    char *map = mmap(0, fileInfo.st_size, PROT_READ, MAP_SHARED, fd, 0);
-    if (map == MAP_FAILED)
-    {
-        close(fd);
-        perror("Error mmapping the file");
-        exit(EXIT_FAILURE);
-    }
-    // find first line
-    endptr = strchrnul(map, 0x0a);
 
-    size_t cipherstring_len = endptr - map;
+    nread = getline(&cipherstring, &len, stream);
-    cipherstring = malloc(cipherstring_len+1);
-    strncpy(cipherstring, map, cipherstring_len);
 
-    // munmap and close file
+    if (nread == -1) {
-    if (munmap(map, fileInfo.st_size) == -1) {
+        perror("getline: ");
-        close(fd);
-        perror("Error un-mmapping the file");
-        exit(EXIT_FAILURE);
     }
-    close(fd);
+    fclose(stream);
-
     return cipherstring;
 }
 
-void base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen) {
+int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen) {
     size_t input_len = strlen(input);
     size_t outmaxlen = input_len / 4 * 3;
     *outstring = malloc(outmaxlen * sizeof(unsigned char));
-    fprintf(stderr, "        Input: |%s| [%zu]\n", input, input_len);
+    return sodium_base642bin(*outstring, outmaxlen, (const char *) input, input_len,
-    int b64err = sodium_base642bin(*outstring, outmaxlen, (const char *) input, input_len,
+                             NULL, outlen, NULL, sodium_base64_VARIANT_ORIGINAL);
-                                   NULL, outlen, NULL, sodium_base64_VARIANT_ORIGINAL);
-    if (b64err != 0) {
-        fprintf(stderr, "[ERROR] Unable to base64-decode the password\n");
-        exit(EXIT_FAILURE);
-    }
 }

src/libexim-encrypt-dlfunc-decrypt-secretbox.c

@@ -125,7 +125,10 @@ int main(int argc, char *argv[]) {
     // base64-decode input
     unsigned char *ciphertext;
     size_t ciphertext_len;
-    base64_decode_string(cipherstring, &ciphertext, &ciphertext_len);
+    if (base64_decode_string(cipherstring, &ciphertext, &ciphertext_len) != 0) {
+        fprintf(stderr, "[ERROR] Unable to base64-decode ciphertext.\n\n");
+        exit(EXIT_FAILURE);
+    };
 
     // extract nonce
     unsigned char nonce[crypto_secretbox_NONCEBYTES];

src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh

@@ -15,24 +15,21 @@ CIPHERTEXT_FILE02="$(mktemp)"
 echo -n "${TEST_CIPHERTEXT01}" > "${CIPHERTEXT_FILE01}"
 echo -n "${TEST_CIPHERTEXT02}" > "${CIPHERTEXT_FILE02}"
 
-export LIBEXIM_PASSWORD="${TEST_PASSWORD}"
+DECRYPTED01="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})"
-#DECRYPTED01="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})"
-DECRYPTED01="$(src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})"
 if [ "${DECRYPTED01}" == "${TEST_CLEARTEXT}" ] ; then
   echo "ok 1 - decrypt commandline argument with password from environment successful"
 else
   echo "not ok 1 - decrypt commandline argument with password from environment unsuccessful"
 fi
 
-#DECRYPTED02="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})"
+DECRYPTED02="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})"
-DECRYPTED02="$(src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})"
 if [ "${DECRYPTED02}" == "${TEST_CLEARTEXT}" ] ; then
   echo "ok 2 - decrypt file contents with password from environment successful"
 else
   echo "not ok 2 - decrypt file contents with password from environment unsuccessful"
 fi
-#unset LIBEXIM_PASSWORD
+
-export -n LIBEXIM_PASSWORD
+unset LIBEXIM_PASSWORD
 
 DECRYPTED03="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} ${TEST_CIPHERTEXT02})"
 if [ "${DECRYPTED03}" == "${TEST_CLEARTEXT}" ] ; then