From: Mike Yuan Date: Mon, 8 Jan 2024 09:22:33 +0000 (+0800) Subject: hexdecoct: make unbase64mem and unhexmem always use SIZE_MAX X-Git-Tag: v256-rc1~1235 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bdd2036e8141140f290769ce46a1276598450697;p=thirdparty%2Fsystemd.git hexdecoct: make unbase64mem and unhexmem always use SIZE_MAX --- diff --git a/src/analyze/analyze-pcrs.c b/src/analyze/analyze-pcrs.c index ed907f78d10..43e415fc6df 100644 --- a/src/analyze/analyze-pcrs.c +++ b/src/analyze/analyze-pcrs.c @@ -48,7 +48,7 @@ static int get_current_pcr(const char *alg, uint32_t pcr, void **ret, size_t *re if (r < 0) return log_error_errno(r, "Failed to read '%s': %m", p); - r = unhexmem(s, ss, &buf, &bufsize); + r = unhexmem_full(s, ss, /* secure = */ false, &buf, &bufsize); if (r < 0) return log_error_errno(r, "Failed to decode hex PCR data '%s': %m", s); diff --git a/src/basic/hexdecoct.c b/src/basic/hexdecoct.c index ea683eb4273..4cb67d94a48 100644 --- a/src/basic/hexdecoct.c +++ b/src/basic/hexdecoct.c @@ -114,7 +114,7 @@ int unhexmem_full( const char *p, size_t l, bool secure, - void **ret, + void **ret_data, size_t *ret_len) { _cleanup_free_ uint8_t *buf = NULL; @@ -155,8 +155,8 @@ int unhexmem_full( if (ret_len) *ret_len = (size_t) (z - buf); - if (ret) - *ret = TAKE_PTR(buf); + if (ret_data) + *ret_data = TAKE_PTR(buf); return 0; } @@ -766,7 +766,7 @@ int unbase64mem_full( const char *p, size_t l, bool secure, - void **ret, + void **ret_data, size_t *ret_size) { _cleanup_free_ uint8_t *buf = NULL; @@ -854,8 +854,8 @@ int unbase64mem_full( if (ret_size) *ret_size = (size_t) (z - buf); - if (ret) - *ret = TAKE_PTR(buf); + if (ret_data) + *ret_data = TAKE_PTR(buf); return 0; } diff --git a/src/basic/hexdecoct.h b/src/basic/hexdecoct.h index 319b21a17c6..0a10af3e16a 100644 --- a/src/basic/hexdecoct.h +++ b/src/basic/hexdecoct.h @@ -18,9 +18,9 @@ char hexchar(int x) _const_; int unhexchar(char c) _const_; char *hexmem(const void *p, size_t l); -int unhexmem_full(const char *p, size_t l, bool secure, void **mem, size_t *len); -static inline int unhexmem(const char *p, size_t l, void **mem, size_t *len) { - return unhexmem_full(p, l, false, mem, len); +int unhexmem_full(const char *p, size_t l, bool secure, void **ret_data, size_t *ret_size); +static inline int unhexmem(const char *p, void **ret_data, size_t *ret_size) { + return unhexmem_full(p, SIZE_MAX, false, ret_data, ret_size); } char base32hexchar(int x) _const_; @@ -45,9 +45,9 @@ ssize_t base64_append( size_t l, size_t margin, size_t width); -int unbase64mem_full(const char *p, size_t l, bool secure, void **mem, size_t *len); -static inline int unbase64mem(const char *p, size_t l, void **mem, size_t *len) { - return unbase64mem_full(p, l, false, mem, len); +int unbase64mem_full(const char *p, size_t l, bool secure, void **ret_data, size_t *ret_size); +static inline int unbase64mem(const char *p, void **ret_data, size_t *ret_size) { + return unbase64mem_full(p, SIZE_MAX, false, ret_data, ret_size); } void hexdump(FILE *f, const void *p, size_t s); diff --git a/src/boot/measure.c b/src/boot/measure.c index 5c5071eabe5..262ef89f1a7 100644 --- a/src/boot/measure.c +++ b/src/boot/measure.c @@ -419,7 +419,7 @@ static int measure_kernel(PcrState *pcr_states, size_t n) { if (r < 0) return log_error_errno(r, "Failed to read '%s': %m", p); - r = unhexmem(strstrip(s), SIZE_MAX, &v, &sz); + r = unhexmem(strstrip(s), &v, &sz); if (r < 0) return log_error_errno(r, "Failed to decode PCR value '%s': %m", s); @@ -995,7 +995,7 @@ static int verb_status(int argc, char *argv[], void *userdata) { if (r < 0) return log_error_errno(r, "Failed to read '%s': %m", p); - r = unhexmem(strstrip(s), SIZE_MAX, &h, &l); + r = unhexmem(strstrip(s), &h, &l); if (r < 0) return log_error_errno(r, "Failed to decode PCR value '%s': %m", s); diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c index dd48ad3f657..ccfc00c6e95 100644 --- a/src/core/execute-serialize.c +++ b/src/core/execute-serialize.c @@ -2670,12 +2670,12 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) { return r; } else if ((val = startswith(l, "exec-context-root-hash="))) { c->root_hash = mfree(c->root_hash); - r = unhexmem(val, strlen(val), &c->root_hash, &c->root_hash_size); + r = unhexmem(val, &c->root_hash, &c->root_hash_size); if (r < 0) return r; } else if ((val = startswith(l, "exec-context-root-hash-sig="))) { c->root_hash_sig = mfree(c->root_hash_sig); - r= unbase64mem(val, strlen(val), &c->root_hash_sig, &c->root_hash_sig_size); + r= unbase64mem(val, &c->root_hash_sig, &c->root_hash_sig_size); if (r < 0) return r; } else if ((val = startswith(l, "exec-context-root-ephemeral="))) { @@ -3055,7 +3055,7 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) { if (c->stdin_data) return -EINVAL; /* duplicated */ - r = unbase64mem(val, strlen(val), &c->stdin_data, &c->stdin_data_size); + r = unbase64mem(val, &c->stdin_data, &c->stdin_data_size); if (r < 0) return r; } else if ((val = startswith(l, "exec-context-tty-path="))) { @@ -3690,7 +3690,7 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) { .encrypted = r, }; - r = unbase64mem(data, strlen(data), &sc->data, &sc->size); + r = unbase64mem(data, &sc->data, &sc->size); if (r < 0) return r; diff --git a/src/core/import-creds.c b/src/core/import-creds.c index e53deb639ec..be56c4676f3 100644 --- a/src/core/import-creds.c +++ b/src/core/import-creds.c @@ -314,7 +314,7 @@ static int proc_cmdline_callback(const char *key, const char *value, void *data) colon++; if (base64) { - r = unbase64mem(colon, SIZE_MAX, &binary, &l); + r = unbase64mem(colon, &binary, &l); if (r < 0) { log_warning_errno(r, "Failed to decode binary credential '%s' data, ignoring: %m", n); return 0; @@ -525,7 +525,7 @@ static int parse_smbios_strings(ImportCredentialContext *c, const char *data, si /* Optionally base64 decode the data, if requested, to allow binary credentials */ if (unbase64) { - r = unbase64mem(eq + 1, nul - (eq + 1), &buf, &buflen); + r = unbase64mem_full(eq + 1, nul - (eq + 1), /* secure = */ false, &buf, &buflen); if (r < 0) { log_warning_errno(r, "Failed to base64 decode credential '%s', ignoring: %m", cn); continue; diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index b424ef06207..ee11c36d7d4 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -1254,7 +1254,7 @@ int config_parse_exec_input_data( return 0; } - r = unbase64mem(rvalue, SIZE_MAX, &p, &sz); + r = unbase64mem(rvalue, &p, &sz); if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode base64 data, ignoring: %s", rvalue); @@ -1748,7 +1748,7 @@ int config_parse_exec_root_hash( } /* We have a roothash to decode, eg: RootHash=012345789abcdef */ - r = unhexmem(rvalue, strlen(rvalue), &roothash_decoded, &roothash_decoded_size); + r = unhexmem(rvalue, &roothash_decoded, &roothash_decoded_size); if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHash=, ignoring: %s", rvalue); return 0; @@ -1816,7 +1816,7 @@ int config_parse_exec_root_hash_sig( } /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */ - r = unbase64mem(value, strlen(value), &roothash_sig_decoded, &roothash_sig_decoded_size); + r = unbase64mem(value, &roothash_sig_decoded, &roothash_sig_decoded_size); if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHashSignature=, ignoring: %s", rvalue); return 0; diff --git a/src/core/main.c b/src/core/main.c index f15d2ff25cb..10f60c24251 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -464,7 +464,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat if (proc_cmdline_value_missing(key, value)) return 0; - r = unbase64mem(value, SIZE_MAX, &p, &sz); + r = unbase64mem(value, &p, &sz); if (r < 0) log_warning_errno(r, "Failed to parse systemd.random_seed= argument, ignoring: %s", value); diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c index 608b94ea780..87e19814db4 100644 --- a/src/cryptenroll/cryptenroll-tpm2.c +++ b/src/cryptenroll/cryptenroll-tpm2.c @@ -51,7 +51,7 @@ static int search_policy_hash( return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 token data lacks 'tpm2-policy-hash' field."); - r = unhexmem(json_variant_string(w), SIZE_MAX, &thash, &thash_size); + r = unhexmem(json_variant_string(w), &thash, &thash_size); if (r < 0) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid base64 data in 'tpm2-policy-hash' field."); diff --git a/src/cryptsetup/cryptsetup-pkcs11.c b/src/cryptsetup/cryptsetup-pkcs11.c index f991389aa5b..4ef249509d4 100644 --- a/src/cryptsetup/cryptsetup-pkcs11.c +++ b/src/cryptsetup/cryptsetup-pkcs11.c @@ -154,7 +154,7 @@ int find_pkcs11_auto_data( assert(!key); assert(key_size == 0); - r = unbase64mem(json_variant_string(w), SIZE_MAX, &key, &key_size); + r = unbase64mem(json_variant_string(w), &key, &key_size); if (r < 0) return log_error_errno(r, "Failed to decode base64 encoded key."); } diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c index fdb3b17d2dd..2f79d07a87f 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c @@ -172,7 +172,7 @@ _public_ int cryptsetup_token_validate( return 1; } - r = unbase64mem(json_variant_string(w), SIZE_MAX, NULL, NULL); + r = unbase64mem(json_variant_string(w), NULL, NULL); if (r < 0) return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'fido2-credential' field: %m"); @@ -182,7 +182,7 @@ _public_ int cryptsetup_token_validate( return 1; } - r = unbase64mem(json_variant_string(w), SIZE_MAX, NULL, NULL); + r = unbase64mem(json_variant_string(w), NULL, NULL); if (r < 0) return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded salt: %m."); diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c index 2ac8a270c5d..98f4b08b763 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c @@ -136,7 +136,7 @@ _public_ int cryptsetup_token_validate( return 1; } - r = unbase64mem(json_variant_string(w), SIZE_MAX, NULL, NULL); + r = unbase64mem(json_variant_string(w), NULL, NULL); if (r < 0) return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded key: %m."); diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c index 29cc1ac5430..14b98abc060 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c @@ -309,7 +309,7 @@ _public_ int cryptsetup_token_validate( return 1; } - r = unbase64mem(json_variant_string(w), SIZE_MAX, NULL, NULL); + r = unbase64mem(json_variant_string(w), NULL, NULL); if (r < 0) return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'tpm2-blob' field: %m"); @@ -319,7 +319,7 @@ _public_ int cryptsetup_token_validate( return 1; } - r = unhexmem(json_variant_string(w), SIZE_MAX, NULL, NULL); + r = unhexmem(json_variant_string(w), NULL, NULL); if (r < 0) return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'tpm2-policy-hash' field: %m"); diff --git a/src/cryptsetup/cryptsetup-tokens/luks2-fido2.c b/src/cryptsetup/cryptsetup-tokens/luks2-fido2.c index a1c85e600c7..5b386133a82 100644 --- a/src/cryptsetup/cryptsetup-tokens/luks2-fido2.c +++ b/src/cryptsetup/cryptsetup-tokens/luks2-fido2.c @@ -104,7 +104,7 @@ int parse_luks2_fido2_data( if (!w) return -EINVAL; - r = unbase64mem(json_variant_string(w), SIZE_MAX, &cid, &cid_size); + r = unbase64mem(json_variant_string(w), &cid, &cid_size); if (r < 0) return crypt_log_error_errno(cd, r, "Failed to parse 'fido2-credentials' field: %m"); @@ -112,7 +112,7 @@ int parse_luks2_fido2_data( if (!w) return -EINVAL; - r = unbase64mem(json_variant_string(w), SIZE_MAX, &salt, &salt_size); + r = unbase64mem(json_variant_string(w), &salt, &salt_size); if (r < 0) return crypt_log_error_errno(cd, r, "Failed to parse 'fido2-salt' field: %m"); diff --git a/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c b/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c index 178fc7a87b4..512a4cf18ac 100644 --- a/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c +++ b/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c @@ -260,7 +260,7 @@ int parse_luks2_pkcs11_data( if (!w) return -EINVAL; - r = unbase64mem(json_variant_string(w), SIZE_MAX, &key, &key_size); + r = unbase64mem(json_variant_string(w), &key, &key_size); if (r < 0) return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded key: %m."); diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 80f8f91948f..a8be8052370 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -368,7 +368,7 @@ static int parse_one_option(const char *option) { _cleanup_free_ void *cid = NULL; size_t cid_size; - r = unbase64mem(val, SIZE_MAX, &cid, &cid_size); + r = unbase64mem(val, &cid, &cid_size); if (r < 0) return log_error_errno(r, "Failed to decode FIDO2 CID data: %m"); diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index ce4a99bc0be..35a5d7a236b 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c @@ -423,7 +423,7 @@ static int parse_argv(int argc, char *argv[]) { _cleanup_free_ void *p = NULL; size_t l; - r = unhexmem(optarg, strlen(optarg), &p, &l); + r = unhexmem(optarg, &p, &l); if (r < 0) return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg); if (l < sizeof(sd_id128_t)) @@ -441,7 +441,7 @@ static int parse_argv(int argc, char *argv[]) { void *p; if ((value = startswith(optarg, "base64:"))) { - r = unbase64mem(value, strlen(value), &p, &l); + r = unbase64mem(value, &p, &l); if (r < 0) return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg); } else { diff --git a/src/home/homework-fscrypt.c b/src/home/homework-fscrypt.c index ad0b69b021c..d737f6db084 100644 --- a/src/home/homework-fscrypt.c +++ b/src/home/homework-fscrypt.c @@ -239,10 +239,11 @@ static int fscrypt_setup( if (!e) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "xattr %s lacks ':' separator: %m", xa); - r = unbase64mem(value, e - value, &salt, &salt_size); + r = unbase64mem_full(value, e - value, /* secure = */ false, &salt, &salt_size); if (r < 0) return log_error_errno(r, "Failed to decode salt of %s: %m", xa); - r = unbase64mem(e+1, n - (e - value) - 1, &encrypted, &encrypted_size); + + r = unbase64mem_full(e + 1, n - (e - value) - 1, /* secure = */ false, &encrypted, &encrypted_size); if (r < 0) return log_error_errno(r, "Failed to decode encrypted key of %s: %m", xa); diff --git a/src/import/pull.c b/src/import/pull.c index 38821b5790f..10e3f131a1c 100644 --- a/src/import/pull.c +++ b/src/import/pull.c @@ -353,7 +353,7 @@ static int parse_argv(int argc, char *argv[]) { /* If this is not a valid verification mode, maybe it's a literally specified * SHA256 hash? We can handle that too... */ - r = unhexmem(optarg, (size_t) -1, &h, &n); + r = unhexmem(optarg, &h, &n); if (r < 0 || n == 0) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid verification setting: %s", optarg); diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c index fd32fbb0490..401e70823a9 100644 --- a/src/libsystemd-network/sd-dhcp-lease.c +++ b/src/libsystemd-network/sd-dhcp-lease.c @@ -1479,7 +1479,7 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { _cleanup_free_ void *data = NULL; size_t data_size; - r = unhexmem(client_id_hex, SIZE_MAX, &data, &data_size); + r = unhexmem(client_id_hex, &data, &data_size); if (r < 0) log_debug_errno(r, "Failed to parse client ID %s, ignoring: %m", client_id_hex); @@ -1489,7 +1489,7 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { } if (vendor_specific_hex) { - r = unhexmem(vendor_specific_hex, SIZE_MAX, &lease->vendor_specific, &lease->vendor_specific_len); + r = unhexmem(vendor_specific_hex, &lease->vendor_specific, &lease->vendor_specific_len); if (r < 0) log_debug_errno(r, "Failed to parse vendor specific data %s, ignoring: %m", vendor_specific_hex); } @@ -1501,7 +1501,7 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { if (!options[i]) continue; - r = unhexmem(options[i], SIZE_MAX, &data, &len); + r = unhexmem(options[i], &data, &len); if (r < 0) { log_debug_errno(r, "Failed to parse private DHCP option %s, ignoring: %m", options[i]); continue; diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c index 718709f0b24..6dcae2e183a 100644 --- a/src/libsystemd/sd-bus/bus-socket.c +++ b/src/libsystemd/sd-bus/bus-socket.c @@ -266,7 +266,7 @@ static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) { if (l % 2 != 0) return 0; - r = unhexmem(p, l, (void **) &token, &len); + r = unhexmem_full(p, l, /* secure = */ false, (void**) &token, &len); if (r < 0) return 0; @@ -298,7 +298,7 @@ static int verify_external_token(sd_bus *b, const char *p, size_t l) { if (l % 2 != 0) return 0; - r = unhexmem(p, l, (void**) &token, &len); + r = unhexmem_full(p, l, /* secure = */ false, (void**) &token, &len); if (r < 0) return 0; diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 56f9ac7fc1d..338609b1869 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -1976,7 +1976,7 @@ _public_ int sd_event_add_memory_pressure( env = secure_getenv("MEMORY_PRESSURE_WRITE"); if (env) { - r = unbase64mem(env, SIZE_MAX, &write_buffer, &write_buffer_size); + r = unbase64mem(env, &write_buffer, &write_buffer_size); if (r < 0) return r; } diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c index 877898c06d4..4b9f19cc95c 100644 --- a/src/network/netdev/macsec.c +++ b/src/network/netdev/macsec.c @@ -712,7 +712,7 @@ int config_parse_macsec_key( dest = a ? &a->sa : &b->sa; - r = unhexmem_full(rvalue, strlen(rvalue), true, &p, &l); + r = unhexmem_full(rvalue, SIZE_MAX, /* secure = */ true, &p, &l); if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse key. Ignoring assignment: %m"); return 0; @@ -820,7 +820,7 @@ int config_parse_macsec_key_id( if (r < 0) return log_oom(); - r = unhexmem(rvalue, strlen(rvalue), &p, &l); + r = unhexmem(rvalue, &p, &l); if (r == -ENOMEM) return log_oom(); if (r < 0) { diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 839b90cc5dd..b5cd00874d8 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1396,7 +1396,7 @@ static int parse_argv(int argc, char *argv[]) { _cleanup_free_ void *k = NULL; size_t l; - r = unhexmem(optarg, strlen(optarg), &k, &l); + r = unhexmem(optarg, &k, &l); if (r < 0) return log_error_errno(r, "Failed to parse root hash: %s", optarg); if (l < sizeof(sd_id128_t)) @@ -1413,7 +1413,7 @@ static int parse_argv(int argc, char *argv[]) { void *p; if ((value = startswith(optarg, "base64:"))) { - r = unbase64mem(value, strlen(value), &p, &l); + r = unbase64mem(value, &p, &l); if (r < 0) return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg); diff --git a/src/resolve/resolved-conf.c b/src/resolve/resolved-conf.c index 2f08ed0fe67..182ac20c3f8 100644 --- a/src/resolve/resolved-conf.c +++ b/src/resolve/resolved-conf.c @@ -362,7 +362,7 @@ int config_parse_dnssd_txt( case DNS_TXT_ITEM_DATA: if (value) { - r = unbase64mem(value, strlen(value), &decoded, &length); + r = unbase64mem(value, &decoded, &length); if (r == -ENOMEM) return log_oom(); if (r < 0) { diff --git a/src/resolve/resolved-dns-trust-anchor.c b/src/resolve/resolved-dns-trust-anchor.c index 2156f4f685d..1e42cdddb1e 100644 --- a/src/resolve/resolved-dns-trust-anchor.c +++ b/src/resolve/resolved-dns-trust-anchor.c @@ -279,7 +279,7 @@ static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, u return -EINVAL; } - r = unhexmem(p, strlen(p), &dd, &l); + r = unhexmem(p, &dd, &l); if (r < 0) { log_warning("Failed to parse DS digest %s on line %s:%u", p, path, line); return -EINVAL; @@ -338,7 +338,7 @@ static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, u return -EINVAL; } - r = unbase64mem(p, strlen(p), &k, &l); + r = unbase64mem(p, &k, &l); if (r < 0) return log_warning_errno(r, "Failed to parse DNSKEY key data %s on line %s:%u", p, path, line); diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c index bba040112d2..dae7dd5e36f 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c @@ -1213,7 +1213,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con _cleanup_free_ void *decoded = NULL; size_t decoded_size; - r = unbase64mem(p, SIZE_MAX, &decoded, &decoded_size); + r = unbase64mem(p, &decoded, &decoded_size); if (r < 0) return log_error_errno(r, "Failed to base64 decode encrypted credential: %m"); @@ -1400,7 +1400,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con _cleanup_free_ void *decoded = NULL; size_t sz; - r = unbase64mem(eq, SIZE_MAX, &decoded, &sz); + r = unbase64mem(eq, &decoded, &sz); if (r < 0) return log_error_errno(r, "Failed to decode base64 data '%s': %m", eq); @@ -1787,7 +1787,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con return bus_append_string(m, "RootHashPath", eq); /* We have a roothash to decode, eg: RootHash=012345789abcdef */ - r = unhexmem(eq, strlen(eq), &roothash_decoded, &roothash_decoded_size); + r = unhexmem(eq, &roothash_decoded, &roothash_decoded_size); if (r < 0) return log_error_errno(r, "Failed to decode RootHash= '%s': %m", eq); if (roothash_decoded_size < sizeof(sd_id128_t)) @@ -1809,7 +1809,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to decode RootHashSignature= '%s', not a path but doesn't start with 'base64:': %m", eq); /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */ - r = unbase64mem(value, strlen(value), &roothash_sig_decoded, &roothash_sig_decoded_size); + r = unbase64mem(value, &roothash_sig_decoded, &roothash_sig_decoded_size); if (r < 0) return log_error_errno(r, "Failed to decode RootHashSignature= '%s': %m", eq); diff --git a/src/shared/cryptsetup-fido2.c b/src/shared/cryptsetup-fido2.c index 6e559e17f4a..2d59a630a65 100644 --- a/src/shared/cryptsetup-fido2.c +++ b/src/shared/cryptsetup-fido2.c @@ -177,7 +177,7 @@ int acquire_fido2_key_auto( return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "FIDO2 token data lacks 'fido2-credential' field."); - r = unbase64mem(json_variant_string(w), SIZE_MAX, &cid, &cid_size); + r = unbase64mem(json_variant_string(w), &cid, &cid_size); if (r < 0) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid base64 data in 'fido2-credential' field."); @@ -189,7 +189,7 @@ int acquire_fido2_key_auto( assert(!salt); assert(salt_size == 0); - r = unbase64mem(json_variant_string(w), SIZE_MAX, &salt, &salt_size); + r = unbase64mem(json_variant_string(w), &salt, &salt_size); if (r < 0) return log_error_errno(r, "Failed to decode base64 encoded salt."); diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 6b0e5fe2484..e5e47e4ac6d 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -3166,7 +3166,7 @@ int verity_settings_load( } if (text) { - r = unhexmem(text, strlen(text), &root_hash, &root_hash_size); + r = unhexmem(text, &root_hash, &root_hash_size); if (r < 0) return r; if (root_hash_size < sizeof(sd_id128_t)) @@ -3320,7 +3320,7 @@ int dissected_image_load_verity_sig_partition( if (!json_variant_is_string(rh)) return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'rootHash' field of signature JSON object is not a string."); - r = unhexmem(json_variant_string(rh), SIZE_MAX, &root_hash, &root_hash_size); + r = unhexmem(json_variant_string(rh), &root_hash, &root_hash_size); if (r < 0) return log_debug_errno(r, "Failed to parse root hash field: %m"); @@ -3341,7 +3341,7 @@ int dissected_image_load_verity_sig_partition( if (!json_variant_is_string(sig)) return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'signature' field of signature JSON object is not a string."); - r = unbase64mem(json_variant_string(sig), SIZE_MAX, &root_hash_sig, &root_hash_sig_size); + r = unbase64mem(json_variant_string(sig), &root_hash_sig, &root_hash_sig_size); if (r < 0) return log_debug_errno(r, "Failed to parse signature field: %m"); diff --git a/src/shared/json.c b/src/shared/json.c index bd83bc837f2..073bf31acde 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -5139,14 +5139,14 @@ int json_variant_unbase64(JsonVariant *v, void **ret, size_t *ret_size) { if (!json_variant_is_string(v)) return -EINVAL; - return unbase64mem(json_variant_string(v), SIZE_MAX, ret, ret_size); + return unbase64mem(json_variant_string(v), ret, ret_size); } int json_variant_unhex(JsonVariant *v, void **ret, size_t *ret_size) { if (!json_variant_is_string(v)) return -EINVAL; - return unhexmem(json_variant_string(v), SIZE_MAX, ret, ret_size); + return unhexmem(json_variant_string(v), ret, ret_size); } static const char* const json_variant_type_table[_JSON_VARIANT_TYPE_MAX] = { diff --git a/src/shared/tests.h b/src/shared/tests.h index d5dfb78678a..9c7d24c0d6d 100644 --- a/src/shared/tests.h +++ b/src/shared/tests.h @@ -79,7 +79,7 @@ bool can_memlock(void); #define DEFINE_HEX_PTR(name, hex) \ _cleanup_free_ void *name = NULL; \ size_t name##_len = 0; \ - assert_se(unhexmem(hex, strlen_ptr(hex), &name, &name##_len) >= 0); + assert_se(unhexmem_full(hex, strlen_ptr(hex), false, &name, &name##_len) >= 0); #define TEST_REQ_RUNNING_SYSTEMD(x) \ if (sd_booted() > 0) { \ diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c index bec84a3f03c..22b8a872a48 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c @@ -1875,7 +1875,7 @@ int tpm2_pcr_value_from_string(const char *arg, Tpm2PCRValue *ret_pcr_value) { _cleanup_free_ void *buf = NULL; size_t buf_size = 0; - r = unhexmem(p, SIZE_MAX, &buf, &buf_size); + r = unhexmem(p, &buf, &buf_size); if (r < 0) return log_debug_errno(r, "Invalid pcr hash value '%s': %m", p); diff --git a/src/shared/user-record.c b/src/shared/user-record.c index 6d93c899c27..4bd547a6c61 100644 --- a/src/shared/user-record.c +++ b/src/shared/user-record.c @@ -711,7 +711,7 @@ static int dispatch_pkcs11_key_data(const char *name, JsonVariant *variant, Json if (!json_variant_is_string(variant)) return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); - r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l); + r = unbase64mem(json_variant_string(variant), &b, &l); if (r < 0) return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m"); @@ -778,7 +778,7 @@ static int dispatch_fido2_hmac_credential(const char *name, JsonVariant *variant if (!json_variant_is_string(variant)) return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); - r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l); + r = unbase64mem(json_variant_string(variant), &b, &l); if (r < 0) return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m"); @@ -808,7 +808,7 @@ static int dispatch_fido2_hmac_credential_array(const char *name, JsonVariant *v if (!array) return log_oom(); - r = unbase64mem(json_variant_string(e), SIZE_MAX, &b, &l); + r = unbase64mem(json_variant_string(e), &b, &l); if (r < 0) return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m"); @@ -838,7 +838,7 @@ static int dispatch_fido2_hmac_salt_value(const char *name, JsonVariant *variant if (!json_variant_is_string(variant)) return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); - r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l); + r = unbase64mem(json_variant_string(variant), &b, &l); if (r < 0) return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m"); diff --git a/src/sysupdate/sysupdate-pattern.c b/src/sysupdate/sysupdate-pattern.c index ff018d8f6ca..f5dc7cd1ad8 100644 --- a/src/sysupdate/sysupdate-pattern.c +++ b/src/sysupdate/sysupdate-pattern.c @@ -404,7 +404,7 @@ int pattern_match(const char *pattern, const char *s, InstanceMetadata *ret) { if (strlen(t) != sizeof(found.sha256sum) * 2) goto nope; - r = unhexmem(t, sizeof(found.sha256sum) * 2, &d, &l); + r = unhexmem_full(t, sizeof(found.sha256sum) * 2, /* secure = */ false, &d, &l); if (r == -ENOMEM) return r; if (r < 0) diff --git a/src/sysupdate/sysupdate-resource.c b/src/sysupdate/sysupdate-resource.c index e4bdd882848..96422626f4c 100644 --- a/src/sysupdate/sysupdate-resource.c +++ b/src/sysupdate/sysupdate-resource.c @@ -398,7 +398,7 @@ static int resource_load_from_web( if (p[0] == '\\') return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "File names with escapes not supported in manifest at line %zu, refusing.", line_nr); - r = unhexmem(p, 64, &h, &hlen); + r = unhexmem_full(p, 64, /* secure = */ false, &h, &hlen); if (r < 0) return log_error_errno(r, "Failed to parse digest at manifest line %zu, refusing.", line_nr); diff --git a/src/test/test-hexdecoct.c b/src/test/test-hexdecoct.c index f8840086603..c5abf54513a 100644 --- a/src/test/test-hexdecoct.c +++ b/src/test/test-hexdecoct.c @@ -82,7 +82,7 @@ static void test_hexmem_one(const char *in, const char *expected) { log_debug("hexmem(\"%s\") → \"%s\" (expected: \"%s\")", strnull(in), result, expected); assert_se(streq(result, expected)); - assert_se(unhexmem(result, SIZE_MAX, &mem, &len) >= 0); + assert_se(unhexmem(result, &mem, &len) >= 0); assert_se(memcmp_safe(mem, in, len) == 0); } @@ -97,7 +97,7 @@ static void test_unhexmem_one(const char *s, size_t l, int retval) { _cleanup_free_ void *mem = NULL; size_t len; - assert_se(unhexmem(s, l, &mem, &len) == retval); + assert_se(unhexmem_full(s, l, /* secure = */ false, &mem, &len) == retval); if (retval == 0) { char *answer; @@ -318,7 +318,7 @@ TEST(base64mem_linebreak) { assert_se(encoded); assert_se((size_t) l == strlen(encoded)); - assert_se(unbase64mem(encoded, SIZE_MAX, &decoded, &decoded_size) >= 0); + assert_se(unbase64mem(encoded, &decoded, &decoded_size) >= 0); assert_se(decoded_size == n); assert_se(memcmp(data, decoded, n) == 0); @@ -452,7 +452,7 @@ static void test_unbase64mem_one(const char *input, const char *output, int ret) _cleanup_free_ void *buffer = NULL; size_t size = 0; - assert_se(unbase64mem(input, SIZE_MAX, &buffer, &size) == ret); + assert_se(unbase64mem(input, &buffer, &size) == ret); if (ret >= 0) { assert_se(size == strlen(output)); assert_se(memcmp(buffer, output, size) == 0); @@ -533,12 +533,12 @@ TEST(base64withwithouturl) { size_t size; /* This is regular base64 */ - assert_se(unbase64mem("zKFyIq7aZn4EpuCCmpcF9jPgD8JFE1g/xfT0Mas8X4M0WycyigRsQ4IH4yysufus0AORQsuk3oeGhRC7t1tLyKD0Ih0VcYedv5+p8e6itqrIwzecu98+rNyUVDhWBzS0PMwxEw==", SIZE_MAX, &buffer, &size) >= 0); + assert_se(unbase64mem("zKFyIq7aZn4EpuCCmpcF9jPgD8JFE1g/xfT0Mas8X4M0WycyigRsQ4IH4yysufus0AORQsuk3oeGhRC7t1tLyKD0Ih0VcYedv5+p8e6itqrIwzecu98+rNyUVDhWBzS0PMwxEw==", &buffer, &size) >= 0); assert_se(memcmp_nn(plaintext, sizeof(plaintext), buffer, size) == 0); buffer = mfree(buffer); /* This is the same but in base64url */ - assert_se(unbase64mem("zKFyIq7aZn4EpuCCmpcF9jPgD8JFE1g_xfT0Mas8X4M0WycyigRsQ4IH4yysufus0AORQsuk3oeGhRC7t1tLyKD0Ih0VcYedv5-p8e6itqrIwzecu98-rNyUVDhWBzS0PMwxEw==", SIZE_MAX, &buffer, &size) >= 0); + assert_se(unbase64mem("zKFyIq7aZn4EpuCCmpcF9jPgD8JFE1g_xfT0Mas8X4M0WycyigRsQ4IH4yysufus0AORQsuk3oeGhRC7t1tLyKD0Ih0VcYedv5-p8e6itqrIwzecu98-rNyUVDhWBzS0PMwxEw==", &buffer, &size) >= 0); assert_se(memcmp_nn(plaintext, sizeof(plaintext), buffer, size) == 0); /* Hint: use xxd -i to generate the static C array from some data, and basenc --base64 + basenc diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 94339d81631..de785370ed1 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -3795,7 +3795,8 @@ static int parse_line( _cleanup_free_ void *data = NULL; size_t data_size = 0; - r = unbase64mem(item_binary_argument(&i), item_binary_argument_size(&i), &data, &data_size); + r = unbase64mem_full(item_binary_argument(&i), item_binary_argument_size(&i), /* secure = */ false, + &data, &data_size); if (r < 0) return log_syntax(NULL, LOG_ERR, fname, line, r, "Failed to base64 decode specified argument '%s': %m", i.argument); diff --git a/src/veritysetup/veritysetup-generator.c b/src/veritysetup/veritysetup-generator.c index d55d4aab0b5..95ce82b7c60 100644 --- a/src/veritysetup/veritysetup-generator.c +++ b/src/veritysetup/veritysetup-generator.c @@ -252,7 +252,7 @@ static int determine_device( if (*data_what && *hash_what) return 0; - r = unhexmem(hash, strlen(hash), &m, &l); + r = unhexmem(hash, &m, &l); if (r < 0) return log_error_errno(r, "Failed to parse hash: %s", hash); if (l < sizeof(sd_id128_t)) { diff --git a/src/veritysetup/veritysetup.c b/src/veritysetup/veritysetup.c index d73c2d39fbe..d1335724644 100644 --- a/src/veritysetup/veritysetup.c +++ b/src/veritysetup/veritysetup.c @@ -205,7 +205,7 @@ static int parse_options(const char *options) { size_t l; void *m; - r = unhexmem(val, strlen(val), &m, &l); + r = unhexmem(val, &m, &l); if (r < 0) return log_error_errno(r, "Failed to parse salt '%s': %m", word); @@ -312,7 +312,7 @@ static int run(int argc, char *argv[]) { if (!filename_is_valid(volume)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume); - r = unhexmem(root_hash, SIZE_MAX, &m, &l); + r = unhexmem(root_hash, &m, &l); if (r < 0) return log_error_errno(r, "Failed to parse root hash: %m"); @@ -378,7 +378,7 @@ static int run(int argc, char *argv[]) { char *value; if ((value = startswith(arg_root_hash_signature, "base64:"))) { - r = unbase64mem(value, strlen(value), (void *)&hash_sig, &hash_sig_size); + r = unbase64mem(value, (void*) &hash_sig, &hash_sig_size); if (r < 0) return log_error_errno(r, "Failed to parse root hash signature '%s': %m", arg_root_hash_signature); } else {