Browse Source

Allow limiting the size of the secret

Add a configure-time option --enable-max-size to set a limit to
the size of the secret file to split.
develop
Damien Goutte-Gattat 5 years ago
parent
commit
ada834220f
  1. 18
      configure.ac
  2. 2
      src/gfsec-use.c
  3. 3
      src/secret.c
  4. 7
      src/util.c
  5. 2
      src/util.h
  6. 2
      src/uuid-support.c

18
configure.ac

@ -37,6 +37,22 @@ PKG_CHECK_MODULES([GIO], [gio-2.0 >= 2.22],
[AC_DEFINE([HAVE_GIO], [1], [Define if gio-2.0 is present.])],
[])
dnl Set max size for secret
AC_ARG_ENABLE([max-size],
[AS_HELP_STRING([--enable-max-size],
[Limit size of secret file @<:@default=no@:>@])],
[],
[enable_max_size=no])
AS_CASE([$enable_max_size],
[yes], [max_secret_size=16777216],
[no], [max_secret_size=0],
[max_secret_size=$enable_max_size])
AS_IF([test $max_secret_size -eq 0],
[max_secret_size_string="Unlimited"],
[max_secret_size_string="$max_secret_size bytes"])
AC_DEFINE_UNQUOTED([GFSEC_SECRET_MAX_SIZE], [$max_secret_size],
[Max size of secret.])
dnl Output files
AC_CONFIG_FILES([Makefile lib/Makefile src/Makefile
man/Makefile man/gfsec-use.1])
@ -49,4 +65,6 @@ Configuration complete
Prefix: '${prefix}'
Compiler: '${CC} ${CFLAGS} ${CPPFLAGS}'
Secret max size: ${max_secret_size_string}
"

2
src/gfsec-use.c

@ -133,7 +133,7 @@ get_share_data(gfsec_share_t *share)
switch ( share->scheme ) {
case GFSEC_SCHEME_FILE:
if ( (data = read_file(share->path, &len)) )
if ( (data = read_file(share->path, &len, GFSEC_SECRET_MAX_SIZE)) )
rc = 0;
break;

3
src/secret.c

@ -303,7 +303,8 @@ gfsec_secret_set_secret_file(gfsec_secret_t *secret,
if ( (secret->filename = strdup(filename)) )
return GFSEC_ERR_SYSTEM_ERROR;
if ( ! (secret->data = read_file(filename, &(secret->len))) )
if ( ! (secret->data = read_file(filename, &(secret->len),
GFSEC_SECRET_MAX_SIZE)) )
return GFSEC_ERR_SYSTEM_ERROR;
return 0;

7
src/util.c

@ -60,7 +60,7 @@ get_file_size(FILE *f)
}
unsigned char *
read_file(const char *filename, size_t *len)
read_file(const char *filename, size_t *len, size_t max)
{
FILE *f;
unsigned char *blob = NULL;
@ -75,7 +75,10 @@ read_file(const char *filename, size_t *len)
size_t nread;
if ( (size = get_file_size(f)) != -1 ) {
if ( (blob = malloc(size)) ) {
if ( max != 0 && (unsigned long) size > max )
errno = EFBIG;
else if ( (blob = malloc(size)) ) {
if ( (nread = fread(blob, 1, size, f)) < (unsigned long) size ) {
free(blob);
blob = NULL;

2
src/util.h

@ -33,7 +33,7 @@ long
get_file_size(FILE *f);
unsigned char *
read_file(const char *, size_t *);
read_file(const char *, size_t *, size_t);
int
write_file(const char *, const unsigned char *, size_t);

2
src/uuid-support.c

@ -195,7 +195,7 @@ get_file_contents(GVolume *volume,
root_path = g_file_get_path(root);
full_path = g_strjoin("/", root_path, path, NULL);
if ( (*buffer = read_file(full_path, len)) )
if ( (*buffer = read_file(full_path, len, GFSEC_SECRET_MAX_SIZE)) )
rc = 0;
if ( was_mounted )

Loading…
Cancel
Save