From 586cdfcf864cf73d629889ede80a8f0b4fae4a7c Mon Sep 17 00:00:00 2001 From: Paolo Stivanin Date: Mon, 30 Oct 2023 16:11:44 +0100 Subject: [PATCH 1/2] Fix Aegis encrypted import and increase secure memory pool * increase secure memory pool to 64MB, if possible * remove the icon and icon_mime fields from the aegis json, since we don't need them and they take up lots of secure memory This fixes #309 --- CMakeLists.txt | 2 +- src/app.c | 2 +- src/common/aegis.c | 8 +++++++- src/common/common.c | 18 ++++++++---------- src/common/common.h | 3 +++ 5 files changed, 20 insertions(+), 13 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 06a7213..eb23d9f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,5 @@ cmake_minimum_required(VERSION 3.16) -project(OTPClient VERSION "3.2.0" LANGUAGES "C") +project(OTPClient VERSION "3.2.1" LANGUAGES "C") include(GNUInstallDirs) configure_file("src/common/version.h.in" "version.h") diff --git a/src/app.c b/src/app.c index 3f4e154..f987c24 100644 --- a/src/app.c +++ b/src/app.c @@ -179,7 +179,7 @@ activate (GtkApplication *app, } #endif - if (max_file_size < (96 * 1024) && get_warn_data () == TRUE) { + if (max_file_size < LOW_MEMLOCK_VALUE && get_warn_data () == TRUE) { if (show_memlock_warn_dialog (max_file_size, app_data->builder) == TRUE) { g_free (app_data->db_data); g_free (app_data); diff --git a/src/common/aegis.c b/src/common/aegis.c index 02c42ce..2ead87f 100644 --- a/src/common/aegis.c +++ b/src/common/aegis.c @@ -190,9 +190,15 @@ get_otps_from_encrypted_backup (const gchar *path, gcry_free (master_key); gcry_free (b64decoded_db); - GSList *otps = parse_json_data (decrypted_db, err); + // we remove the icon field (and the icon_mime while at it too) because it uses lots of secure memory for nothing + GRegex *regex = g_regex_new (".*\"icon\":(\\s)*\".*\",\\n|.*\"icon_mime\":(\\s)*\".*\",\\n", G_REGEX_MULTILINE, 0, NULL); + gchar *cleaned_db = secure_strdup (g_regex_replace (regex, decrypted_db, -1, 0, "", 0, NULL)); + g_regex_unref (regex); gcry_free (decrypted_db); + GSList *otps = parse_json_data (cleaned_db, err); + gcry_free (cleaned_db); + return otps; } diff --git a/src/common/common.c b/src/common/common.c index e518208..99dbf5e 100644 --- a/src/common/common.c +++ b/src/common/common.c @@ -1,12 +1,10 @@ #include #include #include -#ifdef COTP_OLD_LIB -#include -#endif #include #include "gcrypt.h" #include "jansson.h" +#include "common.h" #include "../google-migration.pb-c.h" gint32 @@ -17,13 +15,13 @@ get_max_file_size_from_memlock (void) if (getrlimit (RLIMIT_MEMLOCK, &r) == -1) { // couldn't get memlock limit, so falling back to a default, low value g_print ("[WARNING] your OS's memlock limit may be too low for you (64000 bytes). Please have a look at %s\n", link); - return 64000; + return LOW_MEMLOCK_VALUE; } else { - if (r.rlim_cur == -1 || r.rlim_cur > 4194304) { - // memlock is either unlimited or bigger than needed - return 4194304; + if (r.rlim_cur == -1 || r.rlim_cur > MEMLOCK_VALUE) { + // memlock is either unlimited or bigger than needed, so defaulting to 'MEMLOCK_VALUE' + return MEMLOCK_VALUE; } else { - // memlock is less than 4 MB + // memlock is less than 'MEMLOCK_VALUE' g_print ("[WARNING] your OS's memlock limit may be too low for you (current value: %d bytes).\n" "This may cause issues when importing third parties databases or dealing with tens of tokens.\n" "For information on how to increase the memlock value, please have a look at %s\n", (gint32)r.rlim_cur, link); @@ -36,8 +34,8 @@ get_max_file_size_from_memlock (void) gchar * init_libs (gint32 max_file_size) { - if (!gcry_check_version ("1.6.0")) { - return g_strdup ("The required version of GCrypt is 1.6.0 or greater."); + if (!gcry_check_version ("1.8.0")) { + return g_strdup ("The required version of GCrypt is 1.8.0 or greater."); } if (gcry_control (GCRYCTL_INIT_SECMEM, max_file_size, 0)) { diff --git a/src/common/common.h b/src/common/common.h index 75df029..540d332 100644 --- a/src/common/common.h +++ b/src/common/common.h @@ -12,6 +12,9 @@ G_BEGIN_DECLS #define g_memdupX g_memdup #endif +#define LOW_MEMLOCK_VALUE 65536 //64KB +#define MEMLOCK_VALUE 67108864 //64MB + gint32 get_max_file_size_from_memlock (void); gchar *init_libs (gint32 max_file_size); From e8664f7dbffee446eb5d493c938349449cac20d0 Mon Sep 17 00:00:00 2001 From: Paolo Stivanin Date: Tue, 31 Oct 2023 08:39:49 +0100 Subject: [PATCH 2/2] Update appdata --- data/com.github.paolostivanin.OTPClient.appdata.xml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/data/com.github.paolostivanin.OTPClient.appdata.xml b/data/com.github.paolostivanin.OTPClient.appdata.xml index f095a57..8ab2d1e 100644 --- a/data/com.github.paolostivanin.OTPClient.appdata.xml +++ b/data/com.github.paolostivanin.OTPClient.appdata.xml @@ -84,6 +84,15 @@ + + +

OTPClient 3.2.1 fixes a couple of issues.

+
    +
  • FIX: increase secure memory pool to 64 MB, if possible
    • +
  • FIX: parsing of big aegis encrypted json
    • +
+ +

OTPClient 3.2.0 fixes a couple of issues.