diff options
-rw-r--r-- | camel/ChangeLog | 26 | ||||
-rw-r--r-- | camel/camel-cipher-context.c | 21 | ||||
-rw-r--r-- | camel/camel-gpg-context.c | 1 | ||||
-rw-r--r-- | camel/camel-smime-context.c | 1 | ||||
-rw-r--r-- | camel/camel-stream-mem.c | 52 | ||||
-rw-r--r-- | camel/camel-stream-mem.h | 6 |
6 files changed, 95 insertions, 12 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog index 2021be3237..b31447caea 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -1,3 +1,29 @@ +2004-07-09 Not Zed <NotZed@Ximian.com> + + ** This is no guarantee of security, but its just a helper to + prevent old memory accidentally being included/used elsewhere. + + * camel-smime-context.c (sm_decrypt): mark the output stream + 'secure'. + + * camel-gpg-context.c (gpg_decrypt): set the output stream to + secured, so we automagically blank it out on finalise. + + * camel-stream-mem.c (camel_stream_mem_set_secure): set the + memory-stream 'secured', all we do at the moment is blank out the + buffer on finalise. + (camel_stream_mem_set_byte_array, camel_stream_mem_finalize): + clear memory if owner and secured. kill dead comment. + (clear_mem): utilitiy to set memory to 0xABADF00D + +2004-07-08 Not Zed <NotZed@Ximian.com> + + ** See bug #61186. + + * camel-cipher-context.c (camel_cipher_sign): + (camel_cipher_verify, camel_cipher_encrypt, camel_cipher_decrypt): + Add preliminary progress reporting. + 2004-07-07 Chris Toshok <toshok@ximian.com> * providers/groupwise/Makefile.am (INCLUDES): use diff --git a/camel/camel-cipher-context.c b/camel/camel-cipher-context.c index 5725470855..f2c017e9c3 100644 --- a/camel/camel-cipher-context.c +++ b/camel/camel-cipher-context.c @@ -31,6 +31,7 @@ #include "camel-cipher-context.h" #include "camel-stream.h" +#include "camel-operation.h" #include "camel-mime-utils.h" #include "camel-medium.h" @@ -123,13 +124,17 @@ camel_cipher_sign (CamelCipherContext *context, const char *userid, CamelCipherH int retval; g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), -1); - + + camel_operation_start(NULL, _("Signing message")); + CIPHER_LOCK(context); retval = CCC_CLASS (context)->sign (context, userid, hash, ipart, opart, ex); CIPHER_UNLOCK(context); - + + camel_operation_end(NULL); + return retval; } @@ -163,11 +168,15 @@ camel_cipher_verify (CamelCipherContext *context, struct _CamelMimePart *ipart, g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), NULL); + camel_operation_start(NULL, _("Verifying message")); + CIPHER_LOCK(context); valid = CCC_CLASS (context)->verify (context, ipart, ex); CIPHER_UNLOCK(context); + + camel_operation_end(NULL); return valid; } @@ -202,12 +211,16 @@ camel_cipher_encrypt (CamelCipherContext *context, const char *userid, GPtrArray int retval; g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), -1); + + camel_operation_start(NULL, _("Encrypting message")); CIPHER_LOCK(context); retval = CCC_CLASS (context)->encrypt (context, userid, recipients, ipart, opart, ex); CIPHER_UNLOCK(context); + + camel_operation_end(NULL); return retval; } @@ -237,12 +250,16 @@ camel_cipher_decrypt(CamelCipherContext *context, struct _CamelMimePart *ipart, CamelCipherValidity *valid; g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), NULL); + + camel_operation_start(NULL, _("Decrypting message")); CIPHER_LOCK(context); valid = CCC_CLASS (context)->decrypt (context, ipart, opart, ex); CIPHER_UNLOCK(context); + + camel_operation_end(NULL); return valid; } diff --git a/camel/camel-gpg-context.c b/camel/camel-gpg-context.c index 7f7a493bce..fabf3495da 100644 --- a/camel/camel-gpg-context.c +++ b/camel/camel-gpg-context.c @@ -1621,6 +1621,7 @@ gpg_decrypt(CamelCipherContext *context, CamelMimePart *ipart, CamelMimePart *op camel_stream_filter_add (CAMEL_STREAM_FILTER (filtered_stream), crlf_filter); camel_object_unref (crlf_filter);*/ ostream = camel_stream_mem_new(); + camel_stream_mem_set_secure((CamelStreamMem *)ostream); gpg = gpg_ctx_new (context->session); gpg_ctx_set_mode (gpg, GPG_CTX_MODE_DECRYPT); diff --git a/camel/camel-smime-context.c b/camel/camel-smime-context.c index 94ad6de69c..019d16d1d9 100644 --- a/camel/camel-smime-context.c +++ b/camel/camel-smime-context.c @@ -953,6 +953,7 @@ sm_decrypt(CamelCipherContext *context, CamelMimePart *ipart, CamelMimePart *opa this api to do this ... */ ostream = camel_stream_mem_new(); + camel_stream_mem_set_secure((CamelStreamMem *)ostream); /* FIXME: stream this to the decoder incrementally */ istream = (CamelStreamMem *)camel_stream_mem_new(); diff --git a/camel/camel-stream-mem.c b/camel/camel-stream-mem.c index 7b93b7864b..5577a4b40a 100644 --- a/camel/camel-stream-mem.c +++ b/camel/camel-stream-mem.c @@ -74,6 +74,23 @@ camel_stream_mem_init (CamelObject *object) stream_mem->buffer = 0; } +/* could probably be a util method */ +static void clear_mem(void *p, size_t len) +{ + char *s = p; + + /* This also helps debug bad access memory errors */ + while (len > 4) { + *s++ = 0xAB; + *s++ = 0xAD; + *s++ = 0xF0; + *s++ = 0x0D; + len -= 4; + } + + memset(s, 0xbf, len); +} + CamelType camel_stream_mem_get_type (void) { @@ -122,11 +139,28 @@ camel_stream_mem_new_with_byte_array (GByteArray *byte_array) return CAMEL_STREAM (stream_mem); } +/** + * camel_stream_mem_set_secure: + * @s: + * + * Mark the memory stream as secure. At the very least this means the + * data in the buffer will be cleared when the buffer is finalised. + * This only applies to buffers owned by the stream. + **/ +void camel_stream_mem_set_secure(CamelStreamMem *s) +{ + s->secure = 1; + /* setup a mem-locked buffer etc? blah blah, well not yet anyway */ +} + /* note: with these functions the caller is the 'owner' of the buffer */ void camel_stream_mem_set_byte_array (CamelStreamMem *s, GByteArray *buffer) { - if (s->buffer && s->owner) + if (s->buffer && s->owner) { + if (s->secure && s->buffer->len) + clear_mem(s->buffer->data, s->buffer->len); g_byte_array_free(s->buffer, TRUE); + } s->owner = FALSE; s->buffer = buffer; } @@ -144,15 +178,15 @@ void camel_stream_mem_set_buffer (CamelStreamMem *s, const char *buffer, size_t static void camel_stream_mem_finalize (CamelObject *object) { - CamelStreamMem *stream_mem = CAMEL_STREAM_MEM (object); + CamelStreamMem *s = CAMEL_STREAM_MEM (object); - if (stream_mem->buffer && stream_mem->owner) - g_byte_array_free (stream_mem->buffer, TRUE); - - /* Will be called automagically in the Camel Type System! - * Wheeee! - * G_TK_OBJECT_CLASS (parent_class)->finalize (object); - */ + if (s->buffer && s->owner) { + /* TODO: we need our own bytearray type since we don't know + the real size of the underlying buffer :-/ */ + if (s->secure && s->buffer->len) + clear_mem(s->buffer->data, s->buffer->len); + g_byte_array_free(s->buffer, TRUE); + } } static ssize_t diff --git a/camel/camel-stream-mem.h b/camel/camel-stream-mem.h index af51c36ff7..ba01e950ad 100644 --- a/camel/camel-stream-mem.h +++ b/camel/camel-stream-mem.h @@ -45,7 +45,8 @@ typedef struct _CamelStreamMemClass CamelStreamMemClass; struct _CamelStreamMem { CamelSeekableStream parent_object; - gboolean owner; /* do we own the buffer? */ + unsigned int owner:1; /* do we own the buffer? */ + unsigned int secure:1; /* do we clear the buffer on finalise (if we own it) */ GByteArray *buffer; }; @@ -63,6 +64,9 @@ CamelStream *camel_stream_mem_new(void); CamelStream *camel_stream_mem_new_with_byte_array(GByteArray *buffer); CamelStream *camel_stream_mem_new_with_buffer(const char *buffer, size_t len); +/* 'secure' data, currently just clears memory on finalise */ +void camel_stream_mem_set_secure(CamelStreamMem *); + /* these are really only here for implementing classes */ void camel_stream_mem_set_byte_array(CamelStreamMem *, GByteArray *buffer); void camel_stream_mem_set_buffer(CamelStreamMem *, const char *buffer, size_t len); |