Release 3.2.1

CMakeLists.txt

@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.16)
-project(OTPClient VERSION "3.2.0" LANGUAGES "C")
+project(OTPClient VERSION "3.2.1" LANGUAGES "C")
 include(GNUInstallDirs)
 
 configure_file("src/common/version.h.in" "version.h")

data/com.github.paolostivanin.OTPClient.appdata.xml

@@ -84,6 +84,15 @@
   </content_rating>
 
   <releases>
+    <release version="3.2.1" date="2023-10-31">
+      <description>
+        <p>OTPClient 3.2.1 fixes a couple of issues.</p>
+        <ul>
+          <li>FIX: increase secure memory pool to 64 MB, if possible</li>
+          <li>FIX: parsing of big aegis encrypted json</li>
+        </ul>
+      </description>
+    </release>
     <release version="3.2.0" date="2023-10-25">
       <description>
         <p>OTPClient 3.2.0 fixes a couple of issues.</p>

src/app.c

@@ -179,7 +179,7 @@ activate (GtkApplication    *app,
     }
 #endif
 
-    if (max_file_size < (96 * 1024) && get_warn_data () == TRUE) {
+    if (max_file_size < LOW_MEMLOCK_VALUE && get_warn_data () == TRUE) {
         if (show_memlock_warn_dialog (max_file_size, app_data->builder) == TRUE) {
             g_free (app_data->db_data);
             g_free (app_data);

src/common/aegis.c

@@ -190,9 +190,15 @@ get_otps_from_encrypted_backup (const gchar          *path,
     gcry_free (master_key);
     gcry_free (b64decoded_db);
 
-    GSList *otps = parse_json_data (decrypted_db, err);
+    // we remove the icon field (and the icon_mime while at it too) because it uses lots of secure memory for nothing
+    GRegex *regex = g_regex_new (".*\"icon\":(\\s)*\".*\",\\n|.*\"icon_mime\":(\\s)*\".*\",\\n", G_REGEX_MULTILINE, 0, NULL);
+    gchar *cleaned_db = secure_strdup (g_regex_replace (regex, decrypted_db, -1, 0, "", 0, NULL));
+    g_regex_unref (regex);
     gcry_free (decrypted_db);
 
+    GSList *otps = parse_json_data (cleaned_db, err);
+    gcry_free (cleaned_db);
+
     return otps;
 }
 

src/common/common.c

@@ -1,12 +1,10 @@
 #include <glib.h>
 #include <sys/resource.h>
 #include <cotp.h>
-#ifdef COTP_OLD_LIB
-#include <baseencode.h>
-#endif
 #include <glib/gi18n.h>
 #include "gcrypt.h"
 #include "jansson.h"
+#include "common.h"
 #include "../google-migration.pb-c.h"
 
 gint32
@@ -17,13 +15,13 @@ get_max_file_size_from_memlock (void)
     if (getrlimit (RLIMIT_MEMLOCK, &r) == -1) {
         // couldn't get memlock limit, so falling back to a default, low value
         g_print ("[WARNING] your OS's memlock limit may be too low for you (64000 bytes). Please have a look at %s\n", link);
-        return 64000;
+        return LOW_MEMLOCK_VALUE;
     } else {
-        if (r.rlim_cur == -1 || r.rlim_cur > 4194304) {
-            // memlock is either unlimited or bigger than needed
-            return 4194304;
+        if (r.rlim_cur == -1 || r.rlim_cur > MEMLOCK_VALUE) {
+            // memlock is either unlimited or bigger than needed, so defaulting to 'MEMLOCK_VALUE'
+            return MEMLOCK_VALUE;
         } else {
-            // memlock is less than 4 MB
+            // memlock is less than 'MEMLOCK_VALUE'
             g_print ("[WARNING] your OS's memlock limit may be too low for you (current value: %d bytes).\n"
                      "This may cause issues when importing third parties databases or dealing with tens of tokens.\n"
                      "For information on how to increase the memlock value, please have a look at %s\n", (gint32)r.rlim_cur, link);
@@ -36,8 +34,8 @@ get_max_file_size_from_memlock (void)
 gchar *
 init_libs (gint32 max_file_size)
 {
-    if (!gcry_check_version ("1.6.0")) {
-        return g_strdup ("The required version of GCrypt is 1.6.0 or greater.");
+    if (!gcry_check_version ("1.8.0")) {
+        return g_strdup ("The required version of GCrypt is 1.8.0 or greater.");
     }
 
     if (gcry_control (GCRYCTL_INIT_SECMEM, max_file_size, 0)) {

src/common/common.h

@@ -12,6 +12,9 @@ G_BEGIN_DECLS
     #define g_memdupX g_memdup
 #endif
 
+#define LOW_MEMLOCK_VALUE    65536 //64KB
+#define MEMLOCK_VALUE     67108864 //64MB
+
 gint32      get_max_file_size_from_memlock  (void);
 
 gchar      *init_libs                       (gint32          max_file_size);