commit ec4e7034a943f389ff098aafbbe9f9de5908934b from: Benjamin Stürz date: Wed Dec 27 18:55:05 2023 UTC pinentry-dmenu: Use strlcpy() instead of strcpy() The code for pinentry is REALLY UGLY and uses the stupid GNU coding style. I wish I didn't touch. commit - 90c4f1a832a9c55ba2397da9f1cbcaf72f076b78 commit + ec4e7034a943f389ff098aafbbe9f9de5908934b blob - e0f5302830df390b346b453d81cd7eb1c95081ef blob + 1f2ccc071a4c245fd66da8f3c13d65c5a6b9dc6e --- TODO +++ TODO @@ -5,7 +5,11 @@ # Fix - dwm: XKeycodeToKeysum -- pinentry-dmenu: strcpy() -> strlcpy() +# Patch +- dmenu: passwords + # Refactor - split common code into a library (drw.c) +- pinentry code is ugly AF, replace it with something better +- pinentry-dmenu should ideally not be a fork of dmenu, but rather use it directly blob - 953326f1c2ccac35da9f00c0b2f15212ee1f781f blob + ba9d3b1a2b268af3d20bb9faf725277c19d87a85 --- pinentry-dmenu/pinentry/argparse.c +++ pinentry-dmenu/pinentry/argparse.c @@ -39,6 +39,7 @@ #endif #include +#include #include #include #include @@ -265,7 +266,7 @@ typedef struct iio_item_def_s *IIO_ITEM_DEF; struct iio_item_def_s { IIO_ITEM_DEF next; - char name[1]; /* String with the long option name. */ + char name[]; /* String with the long option name. */ }; static const char *(*strusage_handler)( int ) = NULL; @@ -482,9 +483,10 @@ ignore_invalid_option_add (ARGPARSE_ARGS *arg, FILE *f state = addNAME; goto again; } - else if (namelen < DIM(name)-1) + else if (namelen < DIM(name)-1) { + assert(namelen < (sizeof(name) - 1)); name[namelen++] = c; - else /* Too long. */ + } else /* Too long. */ state = skipNAME; break; @@ -500,10 +502,10 @@ ignore_invalid_option_add (ARGPARSE_ARGS *arg, FILE *f name[namelen] = 0; if (!ignore_invalid_option_p (arg, name)) { - item = jnlib_malloc (sizeof *item + namelen); + item = jnlib_malloc (sizeof *item + namelen + 1); if (!item) return 1; - strcpy (item->name, name); + strlcpy (item->name, name, namelen + 1); item->next = (IIO_ITEM_DEF)arg->internal.iio_list; arg->internal.iio_list = item; } blob - 55083d1e0610a1f2cd1dbc5031f87405c0ba4ce8 blob + 898f88cebfc93639fb5050f92ab559956f5f1846 --- pinentry-dmenu/pinentry/password-cache.c +++ pinentry-dmenu/pinentry/password-cache.c @@ -53,14 +53,8 @@ static char * keygrip_to_label (const char *keygrip) { char const prefix[] = "GnuPG: "; - char *label; - - label = malloc (sizeof (prefix) + strlen (keygrip)); - if (label) - { - memcpy (label, prefix, sizeof (prefix) - 1); - strcpy (&label[sizeof (prefix) - 1], keygrip); - } + char *label = NULL; + asprintf (&label, "%s%s", prefix, keygrip); return label; } #endif @@ -104,6 +98,7 @@ password_cache_lookup (UNUSED const char *keygrip) GError *error = NULL; char *password; char *password2; + size_t plen; if (! *keygrip) return NULL; @@ -124,9 +119,10 @@ password_cache_lookup (UNUSED const char *keygrip) return NULL; /* The password needs to be returned in secmem allocated memory. */ - password2 = secmem_malloc (strlen (password) + 1); + plen = strlen (password) + 1; + password2 = secmem_malloc (plen); if (password2) - strcpy(password2, password); + strlcpy(password2, password, plen); else printf("secmem_malloc failed: can't copy password!\n"); blob - c3d8e4413ea27ba4987e016a7cdcd04407d817bf blob + d10723a94e527940d9188230c4a4feee99a8e97d --- pinentry-dmenu/pinentry/pinentry.c +++ pinentry-dmenu/pinentry/pinentry.c @@ -200,7 +200,7 @@ pinentry_inq_quality (pinentry_t pin, const char *pass const char prefix[] = "INQUIRE QUALITY "; char *command; char *line; - size_t linelen; + size_t linelen, clen; int gotvalue = 0; int value = 0; int rc; @@ -212,10 +212,11 @@ pinentry_inq_quality (pinentry_t pin, const char *pass length = 300; /* Limit so that it definitely fits into an Assuan line. */ - command = secmem_malloc (strlen (prefix) + 3*length + 1); + clen = strlen (prefix) + 3*length + 1; + command = secmem_malloc (clen); if (!command) return 0; - strcpy (command, prefix); + strlcpy (command, prefix, clen); copy_and_escape (command + strlen(command), passphrase, length); rc = assuan_write_line (ctx, command); secmem_free (command); @@ -352,7 +353,7 @@ pinentry_init (const char *pgmname) /* Store away our name. */ if (strlen (pgmname) > sizeof this_pgmname - 2) abort (); - strcpy (this_pgmname, pgmname); + strlcpy (this_pgmname, pgmname, sizeof(this_pgmname)); gpgrt_check_version (NULL);