Merge pull request #377 from paolostivanin/dev4_0_2

Release 4.0.2

github_workflow_disabled/workflows/codeql-analysis.yml → .github_workflow/workflows/codeql-analysis.yml

@@ -12,7 +12,7 @@ on:
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu:24.04
 
     strategy:
       fail-fast: false
@@ -21,24 +21,23 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
 
     - name: Install Dependencies
       run: |
-        sudo apt update && DEBIAN_FRONTEND=noninteractive sudo apt -y install git gcc clang cmake libgcrypt20-dev libgtk-3-dev libzip-dev libjansson-dev libpng-dev libzbar-dev libprotobuf-c-dev libsecret-1-dev uuid-dev libprotobuf-dev libqrencode-dev
+        sudo apt update && DEBIAN_FRONTEND=noninteractive sudo apt -y install git gcc clang cmake libgcrypt20-dev libgtk-3-dev libzip-dev libjansson-dev libpng-dev libzbar-dev libprotobuf-c-dev libsecret-1-dev uuid-dev libprotobuf-dev libqrencode-dev libcotp-dev
         git clone https://github.com/paolostivanin/OTPClient ./OTPClient
-        cd OTPClient && chmod +x .ci/install_deps.sh && sudo .ci/install_deps.sh
 
     - name: Build
       run: |
-       mkdir build && cd $_
+       cd OTPClient && mkdir build && cd $_
        cmake ..
        make
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

CMakeLists.txt

@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.16)
-project(OTPClient VERSION "4.0.1" LANGUAGES "C")
+project(OTPClient VERSION "4.0.2" LANGUAGES "C")
 include(GNUInstallDirs)
 
 configure_file("src/common/version.h.in" "version.h")

data/com.github.paolostivanin.OTPClient.appdata.xml

@@ -89,6 +89,14 @@
   </content_rating>
 
   <releases>
+    <release version="4.0.2" date="2024-08-06">
+      <description>
+        <p>OTPClient 4.0.2 brings an important fix:</p>
+        <ul>
+          <li>FIX: importing data on a first run (#376)</li>
+        </ul>
+      </description>
+    </release>
     <release version="4.0.1" date="2024-07-31">
       <description>
         <p>OTPClient 4.0.1 brings a small fix:</p>

src/common/common.c

@@ -16,21 +16,25 @@ get_max_file_size_from_memlock (void)
     const gchar *link = "https://github.com/paolostivanin/OTPClient/wiki/Secure-Memory-Limitations";
     struct rlimit r;
     if (getrlimit (RLIMIT_MEMLOCK, &r) == -1) {
-        // couldn't get memlock limit, so falling back to a default, low value
-        g_print ("[WARNING] your operating system's memlock limit may be too low for you. Please have a look at %s\n", link);
-        return LOW_MEMLOCK_VALUE;
+        g_printerr ("[ERROR] Couldn't retrieve the current memlock value. Check %s for instructions.\n", link);
+        return ERR_MEMLOCK_VALUE;
+    }
+
+    if (r.rlim_cur == -1 || r.rlim_cur > MEMLOCK_VALUE) {
+        // if memlock is unlimited or sufficient, use MEMLOCK_VALUE
+        return MEMLOCK_VALUE;
+    }
+
+    if (r.rlim_cur > MIN_MEMLOCK_VALUE) {
+        g_print ("[WARNING] your operating system's memlock limit may be too low for you (current value: %d bytes).\n"
+                 "This may cause issues when importing third parties databases or dealing with tens of tokens.\n"
+                 "For information on how to increase the memlock value, please have a look at %s\n", (gint32)r.rlim_cur, link);
     } else {
-        if (r.rlim_cur == -1 || r.rlim_cur > MEMLOCK_VALUE) {
-            // memlock is either unlimited or bigger than needed, so defaulting to 'MEMLOCK_VALUE'
-            return MEMLOCK_VALUE;
-        } else {
-            // memlock is less than 'MEMLOCK_VALUE'
-            g_print ("[WARNING] your operating system's memlock limit may be too low for you (current value: %d bytes).\n"
-                     "This may cause issues when importing third parties databases or dealing with tens of tokens.\n"
-                     "For information on how to increase the memlock value, please have a look at %s\n", (gint32)r.rlim_cur, link);
-            return (gint32)r.rlim_cur;
-        }
+        // memlock is lower than MIN_MEMLOCK_VALUE, so we need to exit because there's not enough secmem available.
+        g_printerr ("[ERROR] Current memlock limit (%d bytes) is too low for operation. Check %s for instructions.\n", (gint32)r.rlim_cur, link);
+        return ERR_MEMLOCK_VALUE;
     }
+    return (gint32)r.rlim_cur;
 }
 
 

src/common/common.h

@@ -7,8 +7,9 @@
 
 G_BEGIN_DECLS
 
-#define LOW_MEMLOCK_VALUE    65536 //64KB
-#define MEMLOCK_VALUE     67108864 //64MB
+#define ERR_MEMLOCK_VALUE        1
+#define MIN_MEMLOCK_VALUE  4194304 //  4 MiB
+#define MEMLOCK_VALUE     67108864 // 64 MiB
 
 #define ANDOTP                 100
 #define AUTHPRO                101

src/common/db-common.c

@@ -106,6 +106,10 @@ update_db (DatabaseData  *db_data,
     gboolean first_run = (db_data->in_memory_json_data == NULL) ? TRUE : FALSE;
     if (first_run == TRUE) {
         db_data->in_memory_json_data = json_array ();
+        // we need some default values for the first run
+        db_data->argon2id_iter = ARGON2ID_DEFAULT_ITER;
+        db_data->argon2id_memcost = ARGON2ID_DEFAULT_MC;
+        db_data->argon2id_parallelism = ARGON2ID_DEFAULT_PARAL;
     } else {
         // database is backed-up only if this is not the first run
         backup_db (db_data->db_path);
@@ -292,9 +296,9 @@ decrypt_db (DatabaseData *db_data,
     } else {
         res = g_input_stream_read (G_INPUT_STREAM(in_stream), header_data_v1, header_data_size, NULL, NULL);
         // when decrypting v1 db, we need to set some default values for the next re-encryption
-        db_data->argon2id_iter = 4;
-        db_data->argon2id_memcost = 131072; // (128 MiB)
-        db_data->argon2id_parallelism = 4;
+        db_data->argon2id_iter = ARGON2ID_DEFAULT_ITER;
+        db_data->argon2id_memcost = ARGON2ID_DEFAULT_MC;
+        db_data->argon2id_parallelism = ARGON2ID_DEFAULT_PARAL;
     }
     if (res == -1) {
         g_set_error (err, generic_error_gquark (), GENERIC_ERRCODE, "Failed to read the header data.");

src/common/db-common.h

@@ -19,8 +19,11 @@ G_BEGIN_DECLS
 #define TAG_SIZE                16
 
 // Parameters used to derive the db's password (v2)
-#define ARGON2ID_TAGLEN         32
-#define ARGON2ID_KEYLEN         32
+#define ARGON2ID_TAGLEN            32
+#define ARGON2ID_KEYLEN            32
+#define ARGON2ID_DEFAULT_ITER       4
+#define ARGON2ID_DEFAULT_MC    131072  //128 MiB
+#define ARGON2ID_DEFAULT_PARAL      4
 
 
 typedef struct db_header_data_v1_t {

src/gui/app.c

@@ -118,6 +118,14 @@ activate (GtkApplication    *app,
     gtk_application_add_window (GTK_APPLICATION(app), GTK_WINDOW(app_data->main_window));
     g_signal_connect (app_data->main_window, "size-allocate", G_CALLBACK(get_window_size_cb), NULL);
 
+    if (max_file_size == ERR_MEMLOCK_VALUE) {
+        show_message_dialog (app_data->main_window, "Couldn't get the memlock limit or the value is too low. Please have a look at the"
+                                                    "<a href=\\\"https://github.com/paolostivanin/OTPClient/wiki/Secure-Memory-Limitations\\\">secure memory</a> wiki page before re-running OTPClient.", GTK_MESSAGE_ERROR);
+        g_free (app_data->db_data);
+        g_application_quit (G_APPLICATION(app));
+        return;
+    }
+
     gchar *init_msg = init_libs (max_file_size);
     if (init_msg != NULL) {
         show_message_dialog (app_data->main_window, init_msg, GTK_MESSAGE_ERROR);
@@ -166,7 +174,7 @@ activate (GtkApplication    *app,
     }
 #endif
 
-    if (max_file_size < LOW_MEMLOCK_VALUE && get_warn_data () == TRUE) {
+    if (max_file_size < MEMLOCK_VALUE && get_warn_data () == TRUE) {
         if (show_memlock_warn_dialog (max_file_size, app_data->builder) == TRUE) {
             g_free (app_data->db_data);
             g_free (app_data);