From 0a3341dda86ee8068183aec18289e8a70afea709 Mon Sep 17 00:00:00 2001
From: Not Zed <NotZed@Ximian.com>
Date: Tue, 13 Jul 2004 04:05:10 +0000
Subject: ** This is no guarantee of security, but its just a helper to prevent
 old

2004-07-09  Not Zed  <NotZed@Ximian.com>

        ** This is no guarantee of security, but its just a helper to
        prevent old memory accidentally being included/used elsewhere.

        * camel-smime-context.c (sm_decrypt): mark the output stream
        'secure'.

        * camel-gpg-context.c (gpg_decrypt): set the output stream to
        secured, so we automagically blank it out on finalise.

        * camel-stream-mem.c (camel_stream_mem_set_secure): set the
        memory-stream 'secured', all we do at the moment is blank out the
        buffer on finalise.
        (camel_stream_mem_set_byte_array, camel_stream_mem_finalize):
        clear memory if owner and secured.  kill dead comment.
        (clear_mem): utilitiy to set memory to 0xABADF00D

2004-07-08  Not Zed  <NotZed@Ximian.com>

        ** See bug #61186.

        * camel-cipher-context.c (camel_cipher_sign):
        (camel_cipher_verify, camel_cipher_encrypt, camel_cipher_decrypt):
        Add preliminary progress reporting.

svn path=/trunk/; revision=26629
---
 camel/ChangeLog              | 26 ++++++++++++++++++++++
 camel/camel-cipher-context.c | 21 ++++++++++++++++--
 camel/camel-gpg-context.c    |  1 +
 camel/camel-smime-context.c  |  1 +
 camel/camel-stream-mem.c     | 52 ++++++++++++++++++++++++++++++++++++--------
 camel/camel-stream-mem.h     |  6 ++++-
 6 files changed, 95 insertions(+), 12 deletions(-)

diff --git a/camel/ChangeLog b/camel/ChangeLog
index 2021be3237..b31447caea 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,3 +1,29 @@
+2004-07-09  Not Zed  <NotZed@Ximian.com>
+
+	** This is no guarantee of security, but its just a helper to
+	prevent old memory accidentally being included/used elsewhere.
+	
+	* camel-smime-context.c (sm_decrypt): mark the output stream
+	'secure'.
+
+	* camel-gpg-context.c (gpg_decrypt): set the output stream to
+	secured, so we automagically blank it out on finalise.
+
+	* camel-stream-mem.c (camel_stream_mem_set_secure): set the
+	memory-stream 'secured', all we do at the moment is blank out the
+	buffer on finalise.
+	(camel_stream_mem_set_byte_array, camel_stream_mem_finalize):
+	clear memory if owner and secured.  kill dead comment.
+	(clear_mem): utilitiy to set memory to 0xABADF00D
+
+2004-07-08  Not Zed  <NotZed@Ximian.com>
+
+	** See bug #61186.
+	
+	* camel-cipher-context.c (camel_cipher_sign):
+	(camel_cipher_verify, camel_cipher_encrypt, camel_cipher_decrypt):
+	Add preliminary progress reporting.
+
 2004-07-07  Chris Toshok  <toshok@ximian.com>
 
 	* providers/groupwise/Makefile.am (INCLUDES): use
diff --git a/camel/camel-cipher-context.c b/camel/camel-cipher-context.c
index 5725470855..f2c017e9c3 100644
--- a/camel/camel-cipher-context.c
+++ b/camel/camel-cipher-context.c
@@ -31,6 +31,7 @@
 
 #include "camel-cipher-context.h"
 #include "camel-stream.h"
+#include "camel-operation.h"
 
 #include "camel-mime-utils.h"
 #include "camel-medium.h"
@@ -123,13 +124,17 @@ camel_cipher_sign (CamelCipherContext *context, const char *userid, CamelCipherH
 	int retval;
 	
 	g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), -1);
-	
+
+	camel_operation_start(NULL, _("Signing message"));
+
 	CIPHER_LOCK(context);
 	
 	retval = CCC_CLASS (context)->sign (context, userid, hash, ipart, opart, ex);
 	
 	CIPHER_UNLOCK(context);
-	
+
+	camel_operation_end(NULL);
+
 	return retval;
 }
 
@@ -163,11 +168,15 @@ camel_cipher_verify (CamelCipherContext *context, struct _CamelMimePart *ipart,
 	
 	g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), NULL);
 	
+	camel_operation_start(NULL, _("Verifying message"));
+
 	CIPHER_LOCK(context);
 	
 	valid = CCC_CLASS (context)->verify (context, ipart, ex);
 	
 	CIPHER_UNLOCK(context);
+
+	camel_operation_end(NULL);
 	
 	return valid;
 }
@@ -202,12 +211,16 @@ camel_cipher_encrypt (CamelCipherContext *context, const char *userid, GPtrArray
 	int retval;
 	
 	g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), -1);
+
+	camel_operation_start(NULL, _("Encrypting message"));
 	
 	CIPHER_LOCK(context);
 	
 	retval = CCC_CLASS (context)->encrypt (context, userid, recipients, ipart, opart, ex);
 	
 	CIPHER_UNLOCK(context);
+
+	camel_operation_end(NULL);
 	
 	return retval;
 }
@@ -237,12 +250,16 @@ camel_cipher_decrypt(CamelCipherContext *context, struct _CamelMimePart *ipart,
 	CamelCipherValidity *valid;
 
 	g_return_val_if_fail (CAMEL_IS_CIPHER_CONTEXT (context), NULL);
+
+	camel_operation_start(NULL, _("Decrypting message"));
 	
 	CIPHER_LOCK(context);
 	
 	valid = CCC_CLASS (context)->decrypt (context, ipart, opart, ex);
 	
 	CIPHER_UNLOCK(context);
+
+	camel_operation_end(NULL);
 	
 	return valid;
 }
diff --git a/camel/camel-gpg-context.c b/camel/camel-gpg-context.c
index 7f7a493bce..fabf3495da 100644
--- a/camel/camel-gpg-context.c
+++ b/camel/camel-gpg-context.c
@@ -1621,6 +1621,7 @@ gpg_decrypt(CamelCipherContext *context, CamelMimePart *ipart, CamelMimePart *op
 	camel_stream_filter_add (CAMEL_STREAM_FILTER (filtered_stream), crlf_filter);
 	camel_object_unref (crlf_filter);*/
 	ostream = camel_stream_mem_new();
+	camel_stream_mem_set_secure((CamelStreamMem *)ostream);
 
 	gpg = gpg_ctx_new (context->session);
 	gpg_ctx_set_mode (gpg, GPG_CTX_MODE_DECRYPT);
diff --git a/camel/camel-smime-context.c b/camel/camel-smime-context.c
index 94ad6de69c..019d16d1d9 100644
--- a/camel/camel-smime-context.c
+++ b/camel/camel-smime-context.c
@@ -953,6 +953,7 @@ sm_decrypt(CamelCipherContext *context, CamelMimePart *ipart, CamelMimePart *opa
 	   this api to do this ... */
 
 	ostream = camel_stream_mem_new();
+	camel_stream_mem_set_secure((CamelStreamMem *)ostream);
 
 	/* FIXME: stream this to the decoder incrementally */
 	istream = (CamelStreamMem *)camel_stream_mem_new();
diff --git a/camel/camel-stream-mem.c b/camel/camel-stream-mem.c
index 7b93b7864b..5577a4b40a 100644
--- a/camel/camel-stream-mem.c
+++ b/camel/camel-stream-mem.c
@@ -74,6 +74,23 @@ camel_stream_mem_init (CamelObject *object)
 	stream_mem->buffer = 0;
 }
 
+/* could probably be a util method */
+static void clear_mem(void *p, size_t len)
+{
+	char *s = p;
+
+	/* This also helps debug bad access memory errors */
+	while (len > 4) {
+		*s++ = 0xAB;
+		*s++ = 0xAD;
+		*s++ = 0xF0;
+		*s++ = 0x0D;
+		len -= 4;
+	}
+
+	memset(s, 0xbf, len);
+}
+
 CamelType
 camel_stream_mem_get_type (void)
 {
@@ -122,11 +139,28 @@ camel_stream_mem_new_with_byte_array (GByteArray *byte_array)
 	return CAMEL_STREAM (stream_mem);
 }
 
+/**
+ * camel_stream_mem_set_secure:
+ * @s: 
+ * 
+ * Mark the memory stream as secure.  At the very least this means the
+ * data in the buffer will be cleared when the buffer is finalised.
+ * This only applies to buffers owned by the stream.
+ **/
+void camel_stream_mem_set_secure(CamelStreamMem *s)
+{
+	s->secure = 1;
+	/* setup a mem-locked buffer etc?  blah blah, well not yet anyway */
+}
+
 /* note: with these functions the caller is the 'owner' of the buffer */
 void camel_stream_mem_set_byte_array (CamelStreamMem *s, GByteArray *buffer)
 {
-	if (s->buffer && s->owner)
+	if (s->buffer && s->owner) {
+		if (s->secure && s->buffer->len)
+			clear_mem(s->buffer->data, s->buffer->len);
 		g_byte_array_free(s->buffer, TRUE);
+	}
 	s->owner = FALSE;
 	s->buffer = buffer;
 }
@@ -144,15 +178,15 @@ void camel_stream_mem_set_buffer (CamelStreamMem *s, const char *buffer, size_t
 static void
 camel_stream_mem_finalize (CamelObject *object)
 {
-	CamelStreamMem *stream_mem = CAMEL_STREAM_MEM (object);
+	CamelStreamMem *s = CAMEL_STREAM_MEM (object);
 
-	if (stream_mem->buffer && stream_mem->owner)
-		g_byte_array_free (stream_mem->buffer, TRUE);
-
-	/* Will be called automagically in the Camel Type System!
-	 * Wheeee!
-	 * G_TK_OBJECT_CLASS (parent_class)->finalize (object);
-	 */
+	if (s->buffer && s->owner) {
+		/* TODO: we need our own bytearray type since we don't know
+		   the real size of the underlying buffer :-/ */
+		if (s->secure && s->buffer->len)
+			clear_mem(s->buffer->data, s->buffer->len);
+		g_byte_array_free(s->buffer, TRUE);
+	}
 }
 
 static ssize_t
diff --git a/camel/camel-stream-mem.h b/camel/camel-stream-mem.h
index af51c36ff7..ba01e950ad 100644
--- a/camel/camel-stream-mem.h
+++ b/camel/camel-stream-mem.h
@@ -45,7 +45,8 @@ typedef struct _CamelStreamMemClass CamelStreamMemClass;
 struct _CamelStreamMem {
 	CamelSeekableStream parent_object;
 
-	gboolean owner;		/* do we own the buffer? */
+	unsigned int owner:1;	/* do we own the buffer? */
+	unsigned int secure:1;	/* do we clear the buffer on finalise (if we own it) */
 	GByteArray *buffer;
 };
 
@@ -63,6 +64,9 @@ CamelStream *camel_stream_mem_new(void);
 CamelStream *camel_stream_mem_new_with_byte_array(GByteArray *buffer);
 CamelStream *camel_stream_mem_new_with_buffer(const char *buffer, size_t len);
 
+/* 'secure' data, currently just clears memory on finalise */
+void camel_stream_mem_set_secure(CamelStreamMem *);
+
 /* these are really only here for implementing classes */
 void camel_stream_mem_set_byte_array(CamelStreamMem *, GByteArray *buffer);
 void camel_stream_mem_set_buffer(CamelStreamMem *, const char *buffer, size_t len);
-- 
cgit v1.2.3