motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-09-02 15:02:02 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

require newer glib2 to enable autofree'ing of stack variables exiting scope

Browse source 
* Bump minium glib2 version to 2.48
 * Convert much of the crypto code to use automatic memory free functions
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAl1ec88ACgkQvobrtBUQ
 T99J+Q//VLUBXqVEqPCc9IrcV12s9dlSTh8moIe+SEXuKHQc7STczbF0aoOnsoH3
 FmgYxibhjSC/m4OQxfuwk/F9x58mXgUgsIZGfqF0rW143xVgA0XZL9ZYL/igZFYC
 k4yQ7LvmPTicoL2IzctlgkwfpjX/2YIsBZr0sRRzutrILCeXzaY2ZTPkTPAzzCmE
 yssIkNpBfq/rZAqFGNNOQs+5Jv22e5hNYFkuIOMAM6VtZD1AEU7j0SlQ6MxL5Uo1
 GxwdBDMXLnUK94ZcYjH0m/5VqsIAkOb+dg51ZCiB2Ly8TV3hZhBJxioqWca+W324
 7IfwERYGBfCUFRdx08ff5IMxo7fsIt8f9K2qYscBZPlGetOjPeJVn+HRmSs1NY96
 KnToAp53XBh7JTaTnpC3jGuUEQtQ3oqxSkjVUJttECzuS5g/RAFYYA8IPS3JaXiy
 m9VqDembXNTtLvdI4yEqYfCnjGwayDfpbM5UOoaXDreO1jBi7DjzY46KPEqWjqys
 CUXovltZSuh1x03sodqyq14hwD1f/utVlkUaBZhcZXnE1EQVm42a5pWuHhuVgYd4
 2k1tcxhy3agLcoWSSKDkeRwMQp1ShhiiSZXtumP8DAuJT1NwdaKDRlpadcirs/po
 Zf1zo7gLU/n2y3KFxkafL/AaoKF78X94+8Bo/gyoN4bnr+Db0OY=
 =adkl
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/autofree-pull-request' into staging

require newer glib2 to enable autofree'ing of stack variables exiting scope

* Bump minium glib2 version to 2.48
* Convert much of the crypto code to use automatic memory free functions

# gpg: Signature made Thu 22 Aug 2019 11:51:59 BST
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/autofree-pull-request:
  crypto: use auto cleanup for many stack variables
  crypto: define cleanup functions for use with g_autoptr
  glib: bump min required glib library version to 2.48

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2019-08-22 17:57:09 +01:00
commit 3590b27c7a
16 changed files with 78 additions and 179 deletions
Download patch file Download diff file Expand all files Collapse all files

2
configure vendored
View file

@ -3636,7 +3636,7 @@ fi
########################################## ##########################################
# glib support probe # glib support probe
glib_req_ver=2.40 glib_req_ver=2.48
glib_modules=gthread-2.0 glib_modules=gthread-2.0
if test "$modules" = yes; then if test "$modules" = yes; then
glib_modules="$glib_modules gmodule-export-2.0" glib_modules="$glib_modules gmodule-export-2.0"

28
crypto/afsplit.c
View file

@ -58,7 +58,7 @@ static int qcrypto_afsplit_hash(QCryptoHashAlgorithm hash,
} }
for (i = 0; i < hashcount; i++) { for (i = 0; i < hashcount; i++) {
uint8_t *out = NULL; g_autofree uint8_t *out = NULL;
size_t outlen = 0; size_t outlen = 0;
uint32_t iv = cpu_to_be32(i); uint32_t iv = cpu_to_be32(i);
struct iovec in[] = { struct iovec in[] = {
@ -79,7 +79,6 @@ static int qcrypto_afsplit_hash(QCryptoHashAlgorithm hash,
assert(outlen == digestlen); assert(outlen == digestlen);
memcpy(block + (i * digestlen), out, memcpy(block + (i * digestlen), out,
(i == (hashcount - 1)) ? finallen : digestlen); (i == (hashcount - 1)) ? finallen : digestlen);
g_free(out);
} }
return 0; return 0;
@ -93,13 +92,12 @@ int qcrypto_afsplit_encode(QCryptoHashAlgorithm hash,
uint8_t *out, uint8_t *out,
Error **errp) Error **errp)
{ {
uint8_t *block = g_new0(uint8_t, blocklen); g_autofree uint8_t *block = g_new0(uint8_t, blocklen);
size_t i; size_t i;
int ret = -1;
for (i = 0; i < (stripes - 1); i++) { for (i = 0; i < (stripes - 1); i++) {
if (qcrypto_random_bytes(out + (i * blocklen), blocklen, errp) < 0) { if (qcrypto_random_bytes(out + (i * blocklen), blocklen, errp) < 0) {
goto cleanup; return -1;
} }
qcrypto_afsplit_xor(blocklen, qcrypto_afsplit_xor(blocklen,
@ -108,18 +106,14 @@ int qcrypto_afsplit_encode(QCryptoHashAlgorithm hash,
block); block);
if (qcrypto_afsplit_hash(hash, blocklen, block, if (qcrypto_afsplit_hash(hash, blocklen, block,
errp) < 0) { errp) < 0) {
goto cleanup; return -1;
} }
} }
qcrypto_afsplit_xor(blocklen, qcrypto_afsplit_xor(blocklen,
in, in,
block, block,
out + (i * blocklen)); out + (i * blocklen));
ret = 0; return 0;
cleanup:
g_free(block);
return ret;
} }
@ -130,9 +124,8 @@ int qcrypto_afsplit_decode(QCryptoHashAlgorithm hash,
uint8_t *out, uint8_t *out,
Error **errp) Error **errp)
{ {
uint8_t *block = g_new0(uint8_t, blocklen); g_autofree uint8_t *block = g_new0(uint8_t, blocklen);
size_t i; size_t i;
int ret = -1;
for (i = 0; i < (stripes - 1); i++) { for (i = 0; i < (stripes - 1); i++) {
qcrypto_afsplit_xor(blocklen, qcrypto_afsplit_xor(blocklen,
@ -141,7 +134,7 @@ int qcrypto_afsplit_decode(QCryptoHashAlgorithm hash,
block); block);
if (qcrypto_afsplit_hash(hash, blocklen, block, if (qcrypto_afsplit_hash(hash, blocklen, block,
errp) < 0) { errp) < 0) {
goto cleanup; return -1;
} }
} }
@ -149,10 +142,5 @@ int qcrypto_afsplit_decode(QCryptoHashAlgorithm hash,
in + (i * blocklen), in + (i * blocklen),
block, block,
out); out);
return 0;
ret = 0;
cleanup:
g_free(block);
return ret;
} }

74
crypto/block-luks.c
View file

@ -425,14 +425,13 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
Error **errp) Error **errp)
{ {
QCryptoBlockLUKS *luks = block->opaque; QCryptoBlockLUKS *luks = block->opaque;
uint8_t *splitkey; g_autofree uint8_t *splitkey = NULL;
size_t splitkeylen; size_t splitkeylen;
uint8_t *possiblekey; g_autofree uint8_t *possiblekey = NULL;
int ret = -1;
ssize_t rv; ssize_t rv;
QCryptoCipher *cipher = NULL; g_autoptr(QCryptoCipher) cipher = NULL;
uint8_t keydigest[QCRYPTO_BLOCK_LUKS_DIGEST_LEN]; uint8_t keydigest[QCRYPTO_BLOCK_LUKS_DIGEST_LEN];
QCryptoIVGen *ivgen = NULL; g_autoptr(QCryptoIVGen) ivgen = NULL;
size_t niv; size_t niv;
if (slot->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED) { if (slot->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED) {
@ -456,7 +455,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
slot->iterations, slot->iterations,
possiblekey, masterkeylen, possiblekey, masterkeylen,
errp) < 0) { errp) < 0) {
goto cleanup; return -1;
} }
/* /*
@ -472,7 +471,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
opaque, opaque,
errp); errp);
if (rv < 0) { if (rv < 0) {
goto cleanup; return -1;
} }
@ -482,7 +481,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
possiblekey, masterkeylen, possiblekey, masterkeylen,
errp); errp);
if (!cipher) { if (!cipher) {
goto cleanup; return -1;
} }
niv = qcrypto_cipher_get_iv_len(cipheralg, niv = qcrypto_cipher_get_iv_len(cipheralg,
@ -493,7 +492,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
possiblekey, masterkeylen, possiblekey, masterkeylen,
errp); errp);
if (!ivgen) { if (!ivgen) {
goto cleanup; return -1;
} }
@ -512,7 +511,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
splitkey, splitkey,
splitkeylen, splitkeylen,
errp) < 0) { errp) < 0) {
goto cleanup; return -1;
} }
/* /*
@ -525,7 +524,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
splitkey, splitkey,
masterkey, masterkey,
errp) < 0) { errp) < 0) {
goto cleanup; return -1;
} }
@ -544,26 +543,18 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
luks->header.master_key_iterations, luks->header.master_key_iterations,
keydigest, G_N_ELEMENTS(keydigest), keydigest, G_N_ELEMENTS(keydigest),
errp) < 0) { errp) < 0) {
goto cleanup; return -1;
} }
if (memcmp(keydigest, luks->header.master_key_digest, if (memcmp(keydigest, luks->header.master_key_digest,
QCRYPTO_BLOCK_LUKS_DIGEST_LEN) == 0) { QCRYPTO_BLOCK_LUKS_DIGEST_LEN) == 0) {
/* Success, we got the right master key */ /* Success, we got the right master key */
ret = 1; return 1;
goto cleanup;
} }
/* Fail, user's password was not valid for this key slot, /* Fail, user's password was not valid for this key slot,
* tell caller to try another slot */ * tell caller to try another slot */
ret = 0; return 0;
cleanup:
qcrypto_ivgen_free(ivgen);
qcrypto_cipher_free(cipher);
g_free(splitkey);
g_free(possiblekey);
return ret;
} }
@ -644,7 +635,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
int ret = 0; int ret = 0;
size_t i; size_t i;
ssize_t rv; ssize_t rv;
uint8_t *masterkey = NULL; g_autofree uint8_t *masterkey = NULL;
size_t masterkeylen; size_t masterkeylen;
char *ivgen_name, *ivhash_name; char *ivgen_name, *ivhash_name;
QCryptoCipherMode ciphermode; QCryptoCipherMode ciphermode;
@ -653,7 +644,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
QCryptoCipherAlgorithm ivcipheralg; QCryptoCipherAlgorithm ivcipheralg;
QCryptoHashAlgorithm hash; QCryptoHashAlgorithm hash;
QCryptoHashAlgorithm ivhash; QCryptoHashAlgorithm ivhash;
char *password = NULL; g_autofree char *password = NULL;
if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) { if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) {
if (!options->u.luks.key_secret) { if (!options->u.luks.key_secret) {
@ -856,17 +847,12 @@ qcrypto_block_luks_open(QCryptoBlock *block,
luks->ivgen_hash_alg = ivhash; luks->ivgen_hash_alg = ivhash;
luks->hash_alg = hash; luks->hash_alg = hash;
g_free(masterkey);
g_free(password);
return 0; return 0;
fail: fail:
g_free(masterkey);
qcrypto_block_free_cipher(block); qcrypto_block_free_cipher(block);
qcrypto_ivgen_free(block->ivgen); qcrypto_ivgen_free(block->ivgen);
g_free(luks); g_free(luks);
g_free(password);
return ret; return ret;
} }
@ -891,20 +877,20 @@ qcrypto_block_luks_create(QCryptoBlock *block,
QCryptoBlockLUKS *luks; QCryptoBlockLUKS *luks;
QCryptoBlockCreateOptionsLUKS luks_opts; QCryptoBlockCreateOptionsLUKS luks_opts;
Error *local_err = NULL; Error *local_err = NULL;
uint8_t *masterkey = NULL; g_autofree uint8_t *masterkey = NULL;
uint8_t *slotkey = NULL; g_autofree uint8_t *slotkey = NULL;
uint8_t *splitkey = NULL; g_autofree uint8_t *splitkey = NULL;
size_t splitkeylen = 0; size_t splitkeylen = 0;
size_t i; size_t i;
QCryptoCipher *cipher = NULL; g_autoptr(QCryptoCipher) cipher = NULL;
QCryptoIVGen *ivgen = NULL; g_autoptr(QCryptoIVGen) ivgen = NULL;
char *password; g_autofree char *password = NULL;
const char *cipher_alg; const char *cipher_alg;
const char *cipher_mode; const char *cipher_mode;
const char *ivgen_alg; const char *ivgen_alg;
const char *ivgen_hash_alg = NULL; const char *ivgen_hash_alg = NULL;
const char *hash_alg; const char *hash_alg;
char *cipher_mode_spec = NULL; g_autofree char *cipher_mode_spec = NULL;
QCryptoCipherAlgorithm ivcipheralg = 0; QCryptoCipherAlgorithm ivcipheralg = 0;
uint64_t iters; uint64_t iters;
@ -1311,15 +1297,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
luks->hash_alg = luks_opts.hash_alg; luks->hash_alg = luks_opts.hash_alg;
memset(masterkey, 0, luks->header.key_bytes); memset(masterkey, 0, luks->header.key_bytes);
g_free(masterkey);
memset(slotkey, 0, luks->header.key_bytes); memset(slotkey, 0, luks->header.key_bytes);
g_free(slotkey);
g_free(splitkey);
g_free(password);
g_free(cipher_mode_spec);
qcrypto_ivgen_free(ivgen);
qcrypto_cipher_free(cipher);
return 0; return 0;
@ -1327,17 +1305,9 @@ qcrypto_block_luks_create(QCryptoBlock *block,
if (masterkey) { if (masterkey) {
memset(masterkey, 0, luks->header.key_bytes); memset(masterkey, 0, luks->header.key_bytes);
} }
g_free(masterkey);
if (slotkey) { if (slotkey) {
memset(slotkey, 0, luks->header.key_bytes); memset(slotkey, 0, luks->header.key_bytes);
} }
g_free(slotkey);
g_free(splitkey);
g_free(password);
g_free(cipher_mode_spec);
qcrypto_ivgen_free(ivgen);
qcrypto_cipher_free(cipher);
qcrypto_block_free_cipher(block); qcrypto_block_free_cipher(block);
qcrypto_ivgen_free(block->ivgen); qcrypto_ivgen_free(block->ivgen);

15
crypto/block.c
View file

@ -299,15 +299,13 @@ static int do_qcrypto_block_cipher_encdec(QCryptoCipher *cipher,
QCryptoCipherEncDecFunc func, QCryptoCipherEncDecFunc func,
Error **errp) Error **errp)
{ {
uint8_t *iv; g_autofree uint8_t *iv = niv ? g_new0(uint8_t, niv) : NULL;
int ret = -1; int ret = -1;
uint64_t startsector = offset / sectorsize; uint64_t startsector = offset / sectorsize;
assert(QEMU_IS_ALIGNED(offset, sectorsize)); assert(QEMU_IS_ALIGNED(offset, sectorsize));
assert(QEMU_IS_ALIGNED(len, sectorsize)); assert(QEMU_IS_ALIGNED(len, sectorsize));
iv = niv ? g_new0(uint8_t, niv) : NULL;
while (len > 0) { while (len > 0) {
size_t nbytes; size_t nbytes;
if (niv) { if (niv) {
@ -320,19 +318,19 @@ static int do_qcrypto_block_cipher_encdec(QCryptoCipher *cipher,
} }
if (ret < 0) { if (ret < 0) {
goto cleanup; return -1;
} }
if (qcrypto_cipher_setiv(cipher, if (qcrypto_cipher_setiv(cipher,
iv, niv, iv, niv,
errp) < 0) { errp) < 0) {
goto cleanup; return -1;
} }
} }
nbytes = len > sectorsize ? sectorsize : len; nbytes = len > sectorsize ? sectorsize : len;
if (func(cipher, buf, buf, nbytes, errp) < 0) { if (func(cipher, buf, buf, nbytes, errp) < 0) {
goto cleanup; return -1;
} }
startsector++; startsector++;
@ -340,10 +338,7 @@ static int do_qcrypto_block_cipher_encdec(QCryptoCipher *cipher,
len -= nbytes; len -= nbytes;
} }
ret = 0; return 0;
cleanup:
g_free(iv);
return ret;
} }

5
crypto/hmac-glib.c
View file

@ -21,12 +21,7 @@ static int qcrypto_hmac_alg_map[QCRYPTO_HASH_ALG__MAX] = {
[QCRYPTO_HASH_ALG_MD5] = G_CHECKSUM_MD5, [QCRYPTO_HASH_ALG_MD5] = G_CHECKSUM_MD5,
[QCRYPTO_HASH_ALG_SHA1] = G_CHECKSUM_SHA1, [QCRYPTO_HASH_ALG_SHA1] = G_CHECKSUM_SHA1,
[QCRYPTO_HASH_ALG_SHA256] = G_CHECKSUM_SHA256, [QCRYPTO_HASH_ALG_SHA256] = G_CHECKSUM_SHA256,
/* Support for HMAC SHA-512 in GLib 2.42 */
#if GLIB_CHECK_VERSION(2, 42, 0)
[QCRYPTO_HASH_ALG_SHA512] = G_CHECKSUM_SHA512, [QCRYPTO_HASH_ALG_SHA512] = G_CHECKSUM_SHA512,
#else
[QCRYPTO_HASH_ALG_SHA512] = -1,
#endif
[QCRYPTO_HASH_ALG_SHA224] = -1, [QCRYPTO_HASH_ALG_SHA224] = -1,
[QCRYPTO_HASH_ALG_SHA384] = -1, [QCRYPTO_HASH_ALG_SHA384] = -1,
[QCRYPTO_HASH_ALG_RIPEMD160] = -1, [QCRYPTO_HASH_ALG_RIPEMD160] = -1,

5
crypto/pbkdf.c
View file

@ -69,12 +69,10 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
Error **errp) Error **errp)
{ {
uint64_t ret = -1; uint64_t ret = -1;
uint8_t *out; g_autofree uint8_t *out = g_new(uint8_t, nout);
uint64_t iterations = (1 << 15); uint64_t iterations = (1 << 15);
unsigned long long delta_ms, start_ms, end_ms; unsigned long long delta_ms, start_ms, end_ms;
out = g_new(uint8_t, nout);
while (1) { while (1) {
if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) { if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) {
goto cleanup; goto cleanup;
@ -108,6 +106,5 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
cleanup: cleanup:
memset(out, 0, nout); memset(out, 0, nout);
g_free(out);
return ret; return ret;
} }

39
crypto/secret.c
View file

@ -72,10 +72,12 @@ static void qcrypto_secret_decrypt(QCryptoSecret *secret,
size_t *outputlen, size_t *outputlen,
Error **errp) Error **errp)
{ {
uint8_t *key = NULL, *ciphertext = NULL, *iv = NULL; g_autofree uint8_t *key = NULL;
g_autofree uint8_t *ciphertext = NULL;
g_autofree uint8_t *iv = NULL;
size_t keylen, ciphertextlen, ivlen; size_t keylen, ciphertextlen, ivlen;
QCryptoCipher *aes = NULL; g_autoptr(QCryptoCipher) aes = NULL;
uint8_t *plaintext = NULL; g_autofree uint8_t *plaintext = NULL;
*output = NULL; *output = NULL;
*outputlen = 0; *outputlen = 0;
@ -83,27 +85,27 @@ static void qcrypto_secret_decrypt(QCryptoSecret *secret,
if (qcrypto_secret_lookup(secret->keyid, if (qcrypto_secret_lookup(secret->keyid,
&key, &keylen, &key, &keylen,
errp) < 0) { errp) < 0) {
goto cleanup; return;
} }
if (keylen != 32) { if (keylen != 32) {
error_setg(errp, "Key should be 32 bytes in length"); error_setg(errp, "Key should be 32 bytes in length");
goto cleanup; return;
} }
if (!secret->iv) { if (!secret->iv) {
error_setg(errp, "IV is required to decrypt secret"); error_setg(errp, "IV is required to decrypt secret");
goto cleanup; return;
} }
iv = qbase64_decode(secret->iv, -1, &ivlen, errp); iv = qbase64_decode(secret->iv, -1, &ivlen, errp);
if (!iv) { if (!iv) {
goto cleanup; return;
} }
if (ivlen != 16) { if (ivlen != 16) {
error_setg(errp, "IV should be 16 bytes in length not %zu", error_setg(errp, "IV should be 16 bytes in length not %zu",
ivlen); ivlen);
goto cleanup; return;
} }
aes = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_256, aes = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_256,
@ -111,11 +113,11 @@ static void qcrypto_secret_decrypt(QCryptoSecret *secret,
key, keylen, key, keylen,
errp); errp);
if (!aes) { if (!aes) {
goto cleanup; return;
} }
if (qcrypto_cipher_setiv(aes, iv, ivlen, errp) < 0) { if (qcrypto_cipher_setiv(aes, iv, ivlen, errp) < 0) {
goto cleanup; return;
} }
if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) { if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
@ -124,7 +126,7 @@ static void qcrypto_secret_decrypt(QCryptoSecret *secret,
&ciphertextlen, &ciphertextlen,
errp); errp);
if (!ciphertext) { if (!ciphertext) {
goto cleanup; return;
} }
plaintext = g_new0(uint8_t, ciphertextlen + 1); plaintext = g_new0(uint8_t, ciphertextlen + 1);
} else { } else {
@ -136,8 +138,7 @@ static void qcrypto_secret_decrypt(QCryptoSecret *secret,
plaintext, plaintext,
ciphertextlen, ciphertextlen,
errp) < 0) { errp) < 0) {
plaintext = NULL; return;
goto cleanup;
} }
if (plaintext[ciphertextlen - 1] > 16 || if (plaintext[ciphertextlen - 1] > 16 ||
@ -145,9 +146,7 @@ static void qcrypto_secret_decrypt(QCryptoSecret *secret,
error_setg(errp, "Incorrect number of padding bytes (%d) " error_setg(errp, "Incorrect number of padding bytes (%d) "
"found on decrypted data", "found on decrypted data",
(int)plaintext[ciphertextlen - 1]); (int)plaintext[ciphertextlen - 1]);
g_free(plaintext); return;
plaintext = NULL;
goto cleanup;
} }
/* Even though plaintext may contain arbitrary NUL /* Even though plaintext may contain arbitrary NUL
@ -156,14 +155,8 @@ static void qcrypto_secret_decrypt(QCryptoSecret *secret,
ciphertextlen -= plaintext[ciphertextlen - 1]; ciphertextlen -= plaintext[ciphertextlen - 1];
plaintext[ciphertextlen] = '\0'; plaintext[ciphertextlen] = '\0';
*output = plaintext; *output = g_steal_pointer(&plaintext);
*outputlen = ciphertextlen; *outputlen = ciphertextlen;
cleanup:
g_free(ciphertext);
g_free(iv);
g_free(key);
qcrypto_cipher_free(aes);
} }

16
crypto/tlscredsanon.c
View file

@ -34,9 +34,8 @@ static int
qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds, qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds,
Error **errp) Error **errp)
{ {
char *dhparams = NULL; g_autofree char *dhparams = NULL;
int ret; int ret;
int rv = -1;
trace_qcrypto_tls_creds_anon_load(creds, trace_qcrypto_tls_creds_anon_load(creds,
creds->parent_obj.dir ? creds->parent_obj.dir : "<nodir>"); creds->parent_obj.dir ? creds->parent_obj.dir : "<nodir>");
@ -45,20 +44,20 @@ qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds,
if (qcrypto_tls_creds_get_path(&creds->parent_obj, if (qcrypto_tls_creds_get_path(&creds->parent_obj,
QCRYPTO_TLS_CREDS_DH_PARAMS, QCRYPTO_TLS_CREDS_DH_PARAMS,
false, &dhparams, errp) < 0) { false, &dhparams, errp) < 0) {
goto cleanup; return -1;
} }
ret = gnutls_anon_allocate_server_credentials(&creds->data.server); ret = gnutls_anon_allocate_server_credentials(&creds->data.server);
if (ret < 0) { if (ret < 0) {
error_setg(errp, "Cannot allocate credentials: %s", error_setg(errp, "Cannot allocate credentials: %s",
gnutls_strerror(ret)); gnutls_strerror(ret));
goto cleanup; return -1;
} }
if (qcrypto_tls_creds_get_dh_params_file(&creds->parent_obj, dhparams, if (qcrypto_tls_creds_get_dh_params_file(&creds->parent_obj, dhparams,
&creds->parent_obj.dh_params, &creds->parent_obj.dh_params,
errp) < 0) { errp) < 0) {
goto cleanup; return -1;
} }
gnutls_anon_set_server_dh_params(creds->data.server, gnutls_anon_set_server_dh_params(creds->data.server,
@ -68,14 +67,11 @@ qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds,
if (ret < 0) { if (ret < 0) {
error_setg(errp, "Cannot allocate credentials: %s", error_setg(errp, "Cannot allocate credentials: %s",
gnutls_strerror(ret)); gnutls_strerror(ret));
goto cleanup; return -1;
} }
} }
rv = 0; return 0;
cleanup:
g_free(dhparams);
return rv;
} }

5
crypto/tlscredspsk.c
View file

@ -69,7 +69,8 @@ static int
qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds,
Error **errp) Error **errp)
{ {
char *pskfile = NULL, *dhparams = NULL; g_autofree char *pskfile = NULL;
g_autofree char *dhparams = NULL;
const char *username; const char *username;
int ret; int ret;
int rv = -1; int rv = -1;
@ -139,8 +140,6 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds,
rv = 0; rv = 0;
cleanup: cleanup:
g_free(key.data); g_free(key.data);
g_free(pskfile);
g_free(dhparams);
return rv; return rv;
} }

16
crypto/tlscredsx509.c
View file

@ -378,7 +378,7 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds,
{ {
gnutls_datum_t data; gnutls_datum_t data;
gnutls_x509_crt_t cert = NULL; gnutls_x509_crt_t cert = NULL;
char *buf = NULL; g_autofree char *buf = NULL;
gsize buflen; gsize buflen;
GError *gerr; GError *gerr;
int ret = -1; int ret = -1;
@ -420,7 +420,6 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds,
gnutls_x509_crt_deinit(cert); gnutls_x509_crt_deinit(cert);
cert = NULL; cert = NULL;
} }
g_free(buf);
return cert; return cert;
} }
@ -434,9 +433,8 @@ qcrypto_tls_creds_load_ca_cert_list(QCryptoTLSCredsX509 *creds,
Error **errp) Error **errp)
{ {
gnutls_datum_t data; gnutls_datum_t data;
char *buf = NULL; g_autofree char *buf = NULL;
gsize buflen; gsize buflen;
int ret = -1;
GError *gerr = NULL; GError *gerr = NULL;
*ncerts = 0; *ncerts = 0;
@ -446,7 +444,7 @@ qcrypto_tls_creds_load_ca_cert_list(QCryptoTLSCredsX509 *creds,
error_setg(errp, "Cannot load CA cert list %s: %s", error_setg(errp, "Cannot load CA cert list %s: %s",
certFile, gerr->message); certFile, gerr->message);
g_error_free(gerr); g_error_free(gerr);
goto cleanup; return -1;
} }
data.data = (unsigned char *)buf; data.data = (unsigned char *)buf;
@ -457,15 +455,11 @@ qcrypto_tls_creds_load_ca_cert_list(QCryptoTLSCredsX509 *creds,
error_setg(errp, error_setg(errp,
"Unable to import CA certificate list %s", "Unable to import CA certificate list %s",
certFile); certFile);
goto cleanup; return -1;
} }
*ncerts = certMax; *ncerts = certMax;
ret = 0; return 0;
cleanup:
g_free(buf);
return ret;
} }

2
include/crypto/block.h
View file

@ -268,4 +268,6 @@ uint64_t qcrypto_block_get_sector_size(QCryptoBlock *block);
*/ */
void qcrypto_block_free(QCryptoBlock *block); void qcrypto_block_free(QCryptoBlock *block);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoBlock, qcrypto_block_free)
#endif /* QCRYPTO_BLOCK_H */ #endif /* QCRYPTO_BLOCK_H */

2
include/crypto/cipher.h
View file

@ -170,6 +170,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
*/ */
void qcrypto_cipher_free(QCryptoCipher *cipher); void qcrypto_cipher_free(QCryptoCipher *cipher);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoCipher, qcrypto_cipher_free)
/** /**
* qcrypto_cipher_encrypt: * qcrypto_cipher_encrypt:
* @cipher: the cipher object * @cipher: the cipher object

2
include/crypto/hmac.h
View file

@ -65,6 +65,8 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
*/ */
void qcrypto_hmac_free(QCryptoHmac *hmac); void qcrypto_hmac_free(QCryptoHmac *hmac);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoHmac, qcrypto_hmac_free)
/** /**
* qcrypto_hmac_bytesv: * qcrypto_hmac_bytesv:
* @hmac: the hmac object * @hmac: the hmac object

2
include/crypto/ivgen.h
View file

@ -203,4 +203,6 @@ QCryptoHashAlgorithm qcrypto_ivgen_get_hash(QCryptoIVGen *ivgen);
*/ */
void qcrypto_ivgen_free(QCryptoIVGen *ivgen); void qcrypto_ivgen_free(QCryptoIVGen *ivgen);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoIVGen, qcrypto_ivgen_free)
#endif /* QCRYPTO_IVGEN_H */ #endif /* QCRYPTO_IVGEN_H */

2
include/crypto/tlssession.h
View file

@ -160,6 +160,8 @@ QCryptoTLSSession *qcrypto_tls_session_new(QCryptoTLSCreds *creds,
*/ */
void qcrypto_tls_session_free(QCryptoTLSSession *sess); void qcrypto_tls_session_free(QCryptoTLSSession *sess);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoTLSSession, qcrypto_tls_session_free)
/** /**
* qcrypto_tls_session_check_credentials: * qcrypto_tls_session_check_credentials:
* @sess: the TLS session object * @sess: the TLS session object

42
include/glib-compat.h
View file

@ -19,12 +19,12 @@
/* Ask for warnings for anything that was marked deprecated in /* Ask for warnings for anything that was marked deprecated in
* the defined version, or before. It is a candidate for rewrite. * the defined version, or before. It is a candidate for rewrite.
*/ */
#define GLIB_VERSION_MIN_REQUIRED GLIB_VERSION_2_40 #define GLIB_VERSION_MIN_REQUIRED GLIB_VERSION_2_48
/* Ask for warnings if code tries to use function that did not /* Ask for warnings if code tries to use function that did not
* exist in the defined version. These risk breaking builds * exist in the defined version. These risk breaking builds
*/ */
#define GLIB_VERSION_MAX_ALLOWED GLIB_VERSION_2_40 #define GLIB_VERSION_MAX_ALLOWED GLIB_VERSION_2_48
#pragma GCC diagnostic push #pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations" #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@ -63,26 +63,6 @@
* without generating warnings. * without generating warnings.
*/ */
static inline gboolean g_strv_contains_qemu(const gchar *const *strv,
const gchar *str)
{
#if GLIB_CHECK_VERSION(2, 44, 0)
return g_strv_contains(strv, str);
#else
g_return_val_if_fail(strv != NULL, FALSE);
g_return_val_if_fail(str != NULL, FALSE);
for (; *strv != NULL; strv++) {
if (g_str_equal(str, *strv)) {
return TRUE;
}
}
return FALSE;
#endif
}
#define g_strv_contains(a, b) g_strv_contains_qemu(a, b)
#if defined(_WIN32) && !GLIB_CHECK_VERSION(2, 50, 0) #if defined(_WIN32) && !GLIB_CHECK_VERSION(2, 50, 0)
/* /*
* g_poll has a problem on Windows when using * g_poll has a problem on Windows when using
@ -92,24 +72,6 @@ static inline gboolean g_strv_contains_qemu(const gchar *const *strv,
gint g_poll_fixed(GPollFD *fds, guint nfds, gint timeout); gint g_poll_fixed(GPollFD *fds, guint nfds, gint timeout);
#endif #endif
#ifndef g_assert_cmpmem
#define g_assert_cmpmem(m1, l1, m2, l2) \
do { \
gconstpointer __m1 = m1, __m2 = m2; \
int __l1 = l1, __l2 = l2; \
if (__l1 != __l2) { \
g_assertion_message_cmpnum( \
G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, \
#l1 " (len(" #m1 ")) == " #l2 " (len(" #m2 "))", __l1, "==", \
__l2, 'i'); \
} else if (memcmp(__m1, __m2, __l1) != 0) { \
g_assertion_message(G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, \
"assertion failed (" #m1 " == " #m2 ")"); \
} \
} while (0)
#endif
#pragma GCC diagnostic pop #pragma GCC diagnostic pop
#endif #endif