Only copy the correct amount of bytes from SecretValue

 * When transferring to a null-terminated password

diff --git a/egg/egg-secure-memory.c b/egg/egg-secure-memory.c
index dca9bac..b082779 100644 (file)
--- a/egg/egg-secure-memory.c
+++ b/egg/egg-secure-memory.c
@@ -1317,6 +1317,28 @@ egg_secure_strdup_full (const char *tag,
        return res;
 }
 
+char *
+egg_secure_strndup_full (const char *tag,
+                         const char *str,
+                         size_t length,
+                         int options)
+{
+       size_t len;
+       char *res;
+       const char *end;
+
+       if (!str)
+               return NULL;
+
+       end = memchr (str, '\0', length);
+       if (end != NULL)
+               length = (end - str);
+       len = length + 1;
+       res = (char *)egg_secure_alloc_full (tag, len, options);
+       memcpy (res, str, len);
+       return res;
+}
+
 void
 egg_secure_clear (void *p, size_t length)
 {

diff --git a/egg/egg-secure-memory.h b/egg/egg-secure-memory.h
index 682811d..d181349 100644 (file)
--- a/egg/egg-secure-memory.h
+++ b/egg/egg-secure-memory.h
@@ -81,6 +81,9 @@ extern void*  egg_memory_fallback (void *p, size_t length);
        } \
        static inline void* egg_secure_strdup (const char *str) { \
                return egg_secure_strdup_full (G_STRINGIFY (tag), str, EGG_SECURE_USE_FALLBACK); \
+       } \
+       static inline void* egg_secure_strndup (const char *str, size_t length) { \
+               return egg_secure_strndup_full (G_STRINGIFY (tag), str, length, EGG_SECURE_USE_FALLBACK); \
        }
 
 void*  egg_secure_alloc_full   (const char *tag, size_t length, int options);
@@ -99,6 +102,8 @@ void   egg_secure_validate     (void);
 
 char*  egg_secure_strdup_full  (const char *tag, const char *str, int options);
 
+char*  egg_secure_strndup_full (const char *tag, const char *str, size_t length, int options);
+
 void   egg_secure_strclear     (char *str);
 
 void   egg_secure_strfree      (char *str);

diff --git a/library/secret-value.c b/library/secret-value.c
index b0aa293..959e4d3 100644 (file)
--- a/library/secret-value.c
+++ b/library/secret-value.c
@@ -237,7 +237,7 @@ _secret_value_unref_to_password (SecretValue *value)
                        result = val->secret;
 
                } else {
-                       result = egg_secure_strdup (val->secret);
+                       result = egg_secure_strndup (val->secret, val->length);
                        if (val->destroy)
                                (val->destroy) (val->secret);
                }
@@ -245,7 +245,7 @@ _secret_value_unref_to_password (SecretValue *value)
                g_slice_free (SecretValue, val);
 
        } else {
-               result = egg_secure_strdup (val->secret);
+               result = egg_secure_strndup (val->secret, val->length);
        }
 
        return result;
@@ -269,7 +269,7 @@ _secret_value_unref_to_string (SecretValue *value)
                        result = val->secret;
 
                } else {
-                       result = g_strdup (val->secret);
+                       result = g_strndup (val->secret, val->length);
                        if (val->destroy)
                                (val->destroy) (val->secret);
                }
@@ -277,7 +277,7 @@ _secret_value_unref_to_string (SecretValue *value)
                g_slice_free (SecretValue, val);
 
        } else {
-               result = g_strdup (val->secret);
+               result = g_strndup (val->secret, val->length);
        }
 
        return result;