From: Kamil Szczęk <kamil@szczek.dev>
Date: Wed, 5 Jun 2024 09:21:23 +0000 (+0200)
Subject: json: use secure un{base64,hex}mem for sensitive variants
X-Git-Tag: v256-rc4~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80313c55770ef0e2174fe5750680e426278416cb;p=thirdparty%2Fsystemd.git

json: use secure un{base64,hex}mem for sensitive variants

While tracing a LUKS code path in homework, I've noticed that we don't
erase buffers when doing unbase64 or unhex on JSON variants, even if the
variant is marked as sensitive.
---

diff --git a/src/shared/json.c b/src/shared/json.c
index e1ee98ef2d5..4af34e52139 100644
--- a/src/shared/json.c
+++ b/src/shared/json.c
@@ -5272,14 +5272,14 @@ int json_variant_unbase64(JsonVariant *v, void **ret, size_t *ret_size) {
         if (!json_variant_is_string(v))
                 return -EINVAL;
 
-        return unbase64mem(json_variant_string(v), ret, ret_size);
+        return unbase64mem_full(json_variant_string(v), SIZE_MAX, /* secure= */ json_variant_is_sensitive(v), ret, ret_size);
 }
 
 int json_variant_unhex(JsonVariant *v, void **ret, size_t *ret_size) {
         if (!json_variant_is_string(v))
                 return -EINVAL;
 
-        return unhexmem(json_variant_string(v), ret, ret_size);
+        return unhexmem_full(json_variant_string(v), SIZE_MAX, /* secure= */ json_variant_is_sensitive(v), ret, ret_size);
 }
 
 static const char* const json_variant_type_table[_JSON_VARIANT_TYPE_MAX] = {