Check file size against memlock

paolostivanin · paolostivanin · Mar 11, 2024 · Mar 8, 2024 · Mar 8, 2024 · Mar 9, 2024
commit 73c9d212c2d77d9b5985e978c9cd0ef5c001aa52
diff --git a/src/common/aegis.c b/src/common/aegis.c
@@ -161,7 +161,7 @@ get_otps_from_encrypted_backup (const gchar *path,
  gsize out_len;
  guchar *b64decoded_db = g_base64_decode (json_string_value (json_object_get (json, "db")), &out_len);
  if (out_len > max_file_size) {
- g_set_error (err, file_too_big_gquark (), FILE_TOO_BIG, "File is too big");
+ g_set_error (err, file_too_big_gquark (), FILE_TOO_BIG, FILE_SIZE_SECMEM_MSG);
  g_free (tag);
  g_free (nonce);
  gcry_free (master_key);

diff --git a/src/common/common.c b/src/common/common.c
@@ -268,7 +268,7 @@ get_data_from_encrypted_backup (const gchar *path,
  } else if (enc_buf_size > max_file_size) {
  g_object_unref (in_stream);
  g_object_unref (in_file);
- g_set_error (err, file_too_big_gquark (), FILE_TOO_BIG, "File is too big");
+ g_set_error (err, file_too_big_gquark (), FILE_TOO_BIG, FILE_SIZE_SECMEM_MSG);
  return NULL;
  }
 

diff --git a/src/common/freeotp.c b/src/common/freeotp.c
@@ -9,18 +9,23 @@
 
 
 GSList *
-get_freeotpplus_data (const gchar *path,
- GError **err)
+get_freeotpplus_data (const gchar *path,
+ gint32 max_file_size,
+ GError **err)
 {
  GSList *otps = NULL;
  goffset fs = get_file_size (path);
  if (fs < 10) {
- g_printerr ("Couldn't get the file size (file doesn't exit or wrong file selected\n");
+ g_set_error (err, file_too_big_gquark (), GENERIC_ERRCODE, "Couldn't get the file size (file doesn't exit or wrong file selected.");
+ return NULL;
+ }
+ if (fs > max_file_size) {
+ g_set_error (err, file_too_big_gquark (), FILE_TOO_BIG, FILE_SIZE_SECMEM_MSG);
  return NULL;
  }
  gchar *sec_buf = gcry_calloc_secure (fs, 1);
  if (!g_file_get_contents (path, &sec_buf, NULL, err)) {
- g_printerr("Couldn't read into memory the freeotp txt file\n");
+ g_printerr("Couldn't read into memory the freeotp txt file.\n");
  gcry_free (sec_buf);
  return NULL;
  }

diff --git a/src/common/get-providers-data.h b/src/common/get-providers-data.h
@@ -10,6 +10,7 @@ GSList *get_andotp_data (const gchar *path,
  GError **err);
 
 GSList *get_freeotpplus_data (const gchar *path,
+ gint32 max_file_size,
  GError **err);
 
 GSList *get_aegis_data (const gchar *path,
@@ -24,6 +25,7 @@ GSList *get_authpro_data (const gchar *path,
 
 GSList *get_twofas_data (const gchar *path,
  const gchar *password,
+ gint32 max_file_size,
  GError **err);
 
 G_END_DECLS
diff --git a/src/common/gquarks.h b/src/common/gquarks.h
@@ -10,6 +10,7 @@ G_BEGIN_DECLS
 #define FILE_TOO_BIG 13
 #define GENERIC_ERRCODE 14
 #define MEMLOCK_ERRCODE 15
+#define FILE_SIZE_SECMEM_MSG "Selected file is too big. Please increase the secure memory size."
 
 GQuark missing_file_gquark (void);
 

diff --git a/src/common/twofas.c b/src/common/twofas.c
@@ -4,6 +4,7 @@
 #include <gcrypt.h>
 #include "gquarks.h"
 #include "common.h"
+#include "file-size.h"
 
 #define TWOFAS_KDF_ITERS 10000
 #define TWOFAS_SALT 256
@@ -46,8 +47,13 @@ static GSList *parse_twofas_json_data (const gchar *data,
 GSList *
 get_twofas_data (const gchar *path,
  const gchar *password,
+ gint32 max_file_size,
  GError **err)
 {
+ if (get_file_size (path) > max_file_size) {
+ g_set_error (err, file_too_big_gquark (), FILE_TOO_BIG, FILE_SIZE_SECMEM_MSG);
+ return NULL;
+ }
  return (password != NULL) ? get_otps_from_encrypted_backup (path, password, err) : get_otps_from_plain_backup (path, err);
 }
 

diff --git a/src/gui/imports.c b/src/gui/imports.c
@@ -111,13 +111,13 @@ parse_data_and_update_db (AppData *app_data,
  if (g_strcmp0 (action_name, ANDOTP_IMPORT_ACTION_NAME) == 0 || g_strcmp0 (action_name, ANDOTP_IMPORT_PLAIN_ACTION_NAME) == 0) {
  content = get_andotp_data (filename, pwd, app_data->db_data->max_file_size_from_memlock, &err);
  } else if (g_strcmp0 (action_name, FREEOTPPLUS_IMPORT_ACTION_NAME) == 0) {
- content = get_freeotpplus_data (filename, &err);
+ content = get_freeotpplus_data (filename, app_data->db_data->max_file_size_from_memlock, &err);
  } else if (g_strcmp0 (action_name, AEGIS_IMPORT_ACTION_NAME) == 0 || g_strcmp0 (action_name, AEGIS_IMPORT_ENC_ACTION_NAME) == 0) {
  content = get_aegis_data (filename, pwd, app_data->db_data->max_file_size_from_memlock, &err);
  } else if (g_strcmp0 (action_name, AUTHPRO_IMPORT_ENC_ACTION_NAME) == 0 || g_strcmp0 (action_name, AUTHPRO_IMPORT_PLAIN_ACTION_NAME) == 0) {
  content = get_authpro_data (filename, pwd, app_data->db_data->max_file_size_from_memlock, &err);
  } else if (g_strcmp0 (action_name, TWOFAS_IMPORT_ENC_ACTION_NAME) == 0 || g_strcmp0 (action_name, TWOFAS_IMPORT_PLAIN_ACTION_NAME) == 0) {
- content = get_twofas_data (filename, pwd, &err);
+ content = get_twofas_data (filename, pwd, app_data->db_data->max_file_size_from_memlock, &err);
  }
 
  if (content == NULL) {