Merge pull request #313 from paolostivanin/dev3_2_1

Release 3.2.1

CMakeLists.txt

@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.16)
-project(OTPClient VERSION "3.2.0" LANGUAGES "C")
+project(OTPClient VERSION "3.2.1" LANGUAGES "C")
 include(GNUInstallDirs)
 
 configure_file("src/common/version.h.in" "version.h")

data/com.github.paolostivanin.OTPClient.appdata.xml

@@ -84,6 +84,15 @@
  </content_rating>
 
  <releases>
+ <release version="3.2.1" date="2023-10-31">
+ <description>
+ <p>OTPClient 3.2.1 fixes a couple of issues.</p>
+ <ul>
+ <li>FIX: increase secure memory pool to 64 MB, if possible</li>
+ <li>FIX: parsing of big aegis encrypted json</li>
+ </ul>
+ </description>
+ </release>
  <release version="3.2.0" date="2023-10-25">
  <description>
  <p>OTPClient 3.2.0 fixes a couple of issues.</p>

src/app.c

@@ -179,7 +179,7 @@ activate (GtkApplication *app,
  }
 #endif
 
- if (max_file_size < (96 * 1024) && get_warn_data () == TRUE) {
+ if (max_file_size < LOW_MEMLOCK_VALUE && get_warn_data () == TRUE) {
  if (show_memlock_warn_dialog (max_file_size, app_data->builder) == TRUE) {
  g_free (app_data->db_data);
  g_free (app_data);

src/common/aegis.c

@@ -190,9 +190,15 @@ get_otps_from_encrypted_backup (const gchar *path,
  gcry_free (master_key);
  gcry_free (b64decoded_db);
 
- GSList *otps = parse_json_data (decrypted_db, err);
+ // we remove the icon field (and the icon_mime while at it too) because it uses lots of secure memory for nothing
+ GRegex *regex = g_regex_new (".*\"icon\":(\\s)*\".*\",\\n|.*\"icon_mime\":(\\s)*\".*\",\\n", G_REGEX_MULTILINE, 0, NULL);
+ gchar *cleaned_db = secure_strdup (g_regex_replace (regex, decrypted_db, -1, 0, "", 0, NULL));
+ g_regex_unref (regex);
  gcry_free (decrypted_db);
 
+ GSList *otps = parse_json_data (cleaned_db, err);
+ gcry_free (cleaned_db);
+
  return otps;
 }
 

src/common/common.c

@@ -1,12 +1,10 @@
 #include <glib.h>
 #include <sys/resource.h>
 #include <cotp.h>
-#ifdef COTP_OLD_LIB
-#include <baseencode.h>
-#endif
 #include <glib/gi18n.h>
 #include "gcrypt.h"
 #include "jansson.h"
+#include "common.h"
 #include "../google-migration.pb-c.h"
 
 gint32
@@ -17,13 +15,13 @@ get_max_file_size_from_memlock (void)
  if (getrlimit (RLIMIT_MEMLOCK, &r) == -1) {
  // couldn't get memlock limit, so falling back to a default, low value
  g_print ("[WARNING] your OS's memlock limit may be too low for you (64000 bytes). Please have a look at %s\n", link);
- return 64000;
+ return LOW_MEMLOCK_VALUE;
  } else {
- if (r.rlim_cur == -1 || r.rlim_cur > 4194304) {
- // memlock is either unlimited or bigger than needed
- return 4194304;
+ if (r.rlim_cur == -1 || r.rlim_cur > MEMLOCK_VALUE) {
+ // memlock is either unlimited or bigger than needed, so defaulting to 'MEMLOCK_VALUE'
+ return MEMLOCK_VALUE;
  } else {
- // memlock is less than 4 MB
+ // memlock is less than 'MEMLOCK_VALUE'
  g_print ("[WARNING] your OS's memlock limit may be too low for you (current value: %d bytes).\n"
  "This may cause issues when importing third parties databases or dealing with tens of tokens.\n"
  "For information on how to increase the memlock value, please have a look at %s\n", (gint32)r.rlim_cur, link);
@@ -36,8 +34,8 @@ get_max_file_size_from_memlock (void)
 gchar *
 init_libs (gint32 max_file_size)
 {
- if (!gcry_check_version ("1.6.0")) {
- return g_strdup ("The required version of GCrypt is 1.6.0 or greater.");
+ if (!gcry_check_version ("1.8.0")) {
+ return g_strdup ("The required version of GCrypt is 1.8.0 or greater.");
  }
 
  if (gcry_control (GCRYCTL_INIT_SECMEM, max_file_size, 0)) {

src/common/common.h

@@ -12,6 +12,9 @@ G_BEGIN_DECLS
  #define g_memdupX g_memdup
 #endif
 
+#define LOW_MEMLOCK_VALUE 65536 //64KB
+#define MEMLOCK_VALUE 67108864 //64MB
+
 gint32 get_max_file_size_from_memlock (void);
 
 gchar *init_libs (gint32 max_file_size);