Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Minor security enhancements to the optional SEE integration. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | experimental |
| Files: | files | file ages | folders |
| SHA1: |
69352027bbd403fdef6162675ac6bad0 |
| User & Date: | mistachkin 2016-10-23 02:07:32.631 |
Context
|
2016-10-23
| ||
| 02:14 | Minor tweaks to the break_into_lines() algorithm. Add tests. check-in: d3cc6d1d09 user: mistachkin tags: experimental | |
| 02:07 | Minor security enhancements to the optional SEE integration. check-in: 69352027bb user: mistachkin tags: experimental | |
| 01:46 | Add the 'project_description' variable to TH1. check-in: 345c580d0a user: mistachkin tags: experimental | |
|
2016-10-04
| ||
| 19:17 | Coding style tweaks. Closed-Leaf check-in: 34d988c244 user: mistachkin tags: seeEnhanced | |
Changes
Changes to src/db.c.
| ︙ | ︙ | |||
868 869 870 871 872 873 874 875 876 |
db_now_function, 0, 0);
sqlite3_create_function(db, "toLocal", 0, SQLITE_UTF8, 0,
db_tolocal_function, 0, 0);
sqlite3_create_function(db, "fromLocal", 0, SQLITE_UTF8, 0,
db_fromlocal_function, 0, 0);
}
/*
** If the database file zDbFile has a name that suggests that it is
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | | | > | < | | | | | 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 |
db_now_function, 0, 0);
sqlite3_create_function(db, "toLocal", 0, SQLITE_UTF8, 0,
db_tolocal_function, 0, 0);
sqlite3_create_function(db, "fromLocal", 0, SQLITE_UTF8, 0,
db_fromlocal_function, 0, 0);
}
#if USE_SEE
/*
** This is a pointer to the saved database encryption key string.
*/
static char *zSavedKey = 0;
/*
** This is the size of the saved database encryption key, in bytes.
*/
size_t savedKeySize = 0;
/*
** This function returns the saved database encryption key -OR- zero if
** no database encryption key is saved.
*/
static char *db_get_saved_encryption_key(){
return zSavedKey;
}
/*
** This function arranges for the database encryption key to be securely
** saved in non-pagable memory (on platforms where this is possible).
*/
static void db_save_encryption_key(
Blob *pKey
){
void *p = NULL;
size_t n = 0;
size_t pageSize = 0;
size_t blobSize = 0;
blobSize = blob_size(pKey);
if( blobSize==0 ) return;
fossil_get_page_size(&pageSize);
assert( pageSize>0 );
if( blobSize>pageSize ){
fossil_fatal("key blob too large: %u versus %u", blobSize, pageSize);
}
p = fossil_secure_alloc_page(&n);
assert( p!=NULL );
assert( n==pageSize );
assert( n>=blobSize );
memcpy(p, blob_str(pKey), blobSize);
zSavedKey = p;
savedKeySize = n;
}
/*
** This function arranges for the saved database encryption key to be
** securely zeroed, unlocked (if necessary), and freed.
*/
void db_unsave_encryption_key(){
fossil_secure_free_page(zSavedKey, savedKeySize);
zSavedKey = NULL;
savedKeySize = 0;
}
/*
** This function sets the saved database encryption key to the specified
** string value, allocating or freeing the underlying memory if needed.
*/
void db_set_saved_encryption_key(
Blob *pKey
){
if( zSavedKey!=NULL ){
size_t blobSize = blob_size(pKey);
if( blobSize==0 ){
db_unsave_encryption_key();
}else{
if( blobSize>savedKeySize ){
fossil_fatal("key blob too large: %u versus %u",
blobSize, savedKeySize);
}
fossil_secure_zero(zSavedKey, savedKeySize);
memcpy(zSavedKey, blob_str(pKey), blobSize);
}
}else{
db_save_encryption_key(pKey);
}
}
#endif /* USE_SEE */
/*
** If the database file zDbFile has a name that suggests that it is
** encrypted, then prompt for the database encryption key and return it
** in the blob *pKey. Or, if the encryption key has previously been
** requested, just return a copy of the previous result. The blob in
** *pKey must be initialized.
*/
static void db_maybe_obtain_encryption_key(
const char *zDbFile, /* Name of the database file */
Blob *pKey /* Put the encryption key here */
){
#if USE_SEE
if( sqlite3_strglob("*.efossil", zDbFile)==0 ){
char *zKey = db_get_saved_encryption_key();
if( zKey ){
blob_set(pKey, zKey);
}else{
char *zPrompt = mprintf("\rencryption key for '%s': ", zDbFile);
prompt_for_password(zPrompt, pKey, 0);
fossil_free(zPrompt);
db_set_saved_encryption_key(pKey);
}
}
#endif
}
/*
|
| ︙ | ︙ | |||
913 914 915 916 917 918 919 |
zDbName, &db,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
g.zVfsName
);
if( rc!=SQLITE_OK ){
db_err("[%s]: %s", zDbName, sqlite3_errmsg(db));
}
| > | > | 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 |
zDbName, &db,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
g.zVfsName
);
if( rc!=SQLITE_OK ){
db_err("[%s]: %s", zDbName, sqlite3_errmsg(db));
}
blob_init(&key, 0, 0);
db_maybe_obtain_encryption_key(zDbName, &key);
if( blob_size(&key)>0 ){
char *zCmd = sqlite3_mprintf("PRAGMA key(%Q)", blob_str(&key));
sqlite3_exec(db, zCmd, 0, 0, 0);
fossil_secure_zero(zCmd, strlen(zCmd));
sqlite3_free(zCmd);
}
blob_reset(&key);
sqlite3_busy_timeout(db, 5000);
sqlite3_wal_autocheckpoint(db, 1); /* Set to checkpoint frequently */
sqlite3_create_function(db, "user", 0, SQLITE_UTF8, 0, db_sql_user, 0, 0);
sqlite3_create_function(db, "cgi", 1, SQLITE_UTF8, 0, db_sql_cgi, 0, 0);
|
| ︙ | ︙ | |||
953 954 955 956 957 958 959 960 |
}
/*
** zDbName is the name of a database file. Attach zDbName using
** the name zLabel.
*/
void db_attach(const char *zDbName, const char *zLabel){
Blob key;
| > > | | | > > > | 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 |
}
/*
** zDbName is the name of a database file. Attach zDbName using
** the name zLabel.
*/
void db_attach(const char *zDbName, const char *zLabel){
char *zCmd;
Blob key;
blob_init(&key, 0, 0);
db_maybe_obtain_encryption_key(zDbName, &key);
zCmd = sqlite3_mprintf("ATTACH DATABASE %Q AS %Q KEY %Q",
zDbName, zLabel, blob_str(&key));
db_multi_exec(zCmd /*works-like:""*/);
fossil_secure_zero(zCmd, strlen(zCmd));
sqlite3_free(zCmd);
blob_reset(&key);
}
/*
** Change the schema name of the "main" database to zLabel.
** zLabel must be a static string that is unchanged for the life of
** the database connection.
|
| ︙ | ︙ |
Changes to src/main.c.
| ︙ | ︙ | |||
297 298 299 300 301 302 303 304 305 306 307 308 309 310 |
Global g;
/*
** atexit() handler which frees up "some" of the resources
** used by fossil.
*/
static void fossil_atexit(void) {
#if defined(_WIN32) && !defined(_WIN64) && defined(FOSSIL_ENABLE_TCL) && \
defined(USE_TCL_STUBS)
/*
** If Tcl is compiled on Windows using the latest MinGW, Fossil can crash
** when exiting while a stubs-enabled Tcl is still loaded. This is due to
** a bug in MinGW, see:
**
| > > > > > > > > > > > > | 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 |
Global g;
/*
** atexit() handler which frees up "some" of the resources
** used by fossil.
*/
static void fossil_atexit(void) {
#if USE_SEE
/*
** Zero, unlock, and free the saved database encryption key now.
*/
db_unsave_encryption_key();
#endif
#if defined(_WIN32) || defined(__BIONIC__)
/*
** Free the secure getpass() buffer now.
*/
freepass();
#endif
#if defined(_WIN32) && !defined(_WIN64) && defined(FOSSIL_ENABLE_TCL) && \
defined(USE_TCL_STUBS)
/*
** If Tcl is compiled on Windows using the latest MinGW, Fossil can crash
** when exiting while a stubs-enabled Tcl is still loaded. This is due to
** a bug in MinGW, see:
**
|
| ︙ | ︙ |
Changes to src/user.c.
| ︙ | ︙ | |||
17 18 19 20 21 22 23 | ** ** Commands and procedures used for creating, processing, editing, and ** querying information about users. */ #include "config.h" #include "user.h" | < < < < | > | > > > | > > > > > > > > > > > | | | | | | | | > | > > > > > | 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 |
**
** Commands and procedures used for creating, processing, editing, and
** querying information about users.
*/
#include "config.h"
#include "user.h"
/*
** Strip leading and trailing space from a string and add the string
** onto the end of a blob.
*/
static void strip_string(Blob *pBlob, char *z){
int i;
blob_reset(pBlob);
while( fossil_isspace(*z) ){ z++; }
for(i=0; z[i]; i++){
if( z[i]=='\r' || z[i]=='\n' ){
while( i>0 && fossil_isspace(z[i-1]) ){ i--; }
z[i] = 0;
break;
}
if( z[i]>0 && z[i]<' ' ) z[i] = ' ';
}
blob_append(pBlob, z, -1);
}
#if defined(_WIN32) || defined(__BIONIC__)
#ifdef _WIN32
#include <conio.h>
#endif
/*
** getpass() for Windows and Android.
*/
static char *zPwdBuffer = 0;
static size_t nPwdBuffer = 0;
static char *getpass(const char *prompt){
char *zPwd;
size_t nPwd;
size_t i;
if( zPwdBuffer==0 ){
zPwdBuffer = fossil_secure_alloc_page(&nPwdBuffer);
assert( zPwdBuffer );
}else{
fossil_secure_zero(zPwdBuffer, nPwdBuffer);
}
zPwd = zPwdBuffer;
nPwd = nPwdBuffer;
fputs(prompt,stderr);
fflush(stderr);
assert( zPwd!=0 );
assert( nPwd>0 );
for(i=0; i<nPwd-1; ++i){
#if defined(_WIN32)
zPwd[i] = _getch();
#else
zPwd[i] = getc(stdin);
#endif
if(zPwd[i]=='\r' || zPwd[i]=='\n'){
break;
}
/* BS or DEL */
else if(i>0 && (zPwd[i]==8 || zPwd[i]==127)){
i -= 2;
continue;
}
/* CTRL-C */
else if(zPwd[i]==3) {
i=0;
break;
}
/* ESC */
else if(zPwd[i]==27){
i=0;
break;
}
else{
fputc('*',stderr);
}
}
zPwd[i]='\0';
fputs("\n", stderr);
assert( zPwd==zPwdBuffer );
return zPwd;
}
void freepass(){
if( !zPwdBuffer ) return;
assert( nPwdBuffer>0 );
fossil_secure_free_page(zPwdBuffer, nPwdBuffer);
}
#endif
#if defined(_WIN32) || defined(WIN32)
# include <io.h>
# include <fcntl.h>
# undef popen
|
| ︙ | ︙ |
Changes to src/util.c.
| ︙ | ︙ | |||
53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
void fossil_free(void *p){
free(p);
}
void *fossil_realloc(void *p, size_t n){
p = realloc(p, n);
if( p==0 ) fossil_panic("out of memory");
return p;
}
/*
** This function implements a cross-platform "system()" interface.
*/
int fossil_system(const char *zOrigCmd){
int rc;
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 |
void fossil_free(void *p){
free(p);
}
void *fossil_realloc(void *p, size_t n){
p = realloc(p, n);
if( p==0 ) fossil_panic("out of memory");
return p;
}
void fossil_secure_zero(void *p, size_t n){
volatile unsigned char *vp = (volatile unsigned char *)p;
size_t i;
if( p==0 ) return;
assert( n>0 );
if( n==0 ) return;
for(i=0; i<n; i++){ vp[i] ^= 0xFF; }
for(i=0; i<n; i++){ vp[i] ^= vp[i]; }
}
void fossil_get_page_size(size_t *piPageSize){
#if defined(_WIN32)
SYSTEM_INFO sysInfo;
memset(&sysInfo, 0, sizeof(SYSTEM_INFO));
GetSystemInfo(&sysInfo);
*piPageSize = (size_t)sysInfo.dwPageSize;
#else
*piPageSize = 4096; /* FIXME: What for POSIX? */
#endif
}
void *fossil_secure_alloc_page(size_t *pN){
void *p;
size_t pageSize;
fossil_get_page_size(&pageSize);
assert( pageSize>0 );
assert( pageSize%2==0 );
#if defined(_WIN32)
p = VirtualAlloc(NULL, pageSize, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
if( p==NULL ){
fossil_fatal("VirtualAlloc failed: %lu\n", GetLastError());
}
if( !VirtualLock(p, pageSize) ){
fossil_fatal("VirtualLock failed: %lu\n", GetLastError());
}
#else
p = fossil_malloc(pageSize);
#endif
fossil_secure_zero(p, pageSize);
if( pN ) *pN = pageSize;
return p;
}
void fossil_secure_free_page(void *p, size_t n){
if( !p ) return;
assert( n>0 );
fossil_secure_zero(p, n);
#if defined(_WIN32)
if( !VirtualUnlock(p, n) ){
fossil_fatal("VirtualUnlock failed: %lu\n", GetLastError());
}
if( !VirtualFree(p, 0, MEM_RELEASE) ){
fossil_fatal("VirtualFree failed: %lu\n", GetLastError());
}
#else
fossil_free(p);
#endif
}
/*
** This function implements a cross-platform "system()" interface.
*/
int fossil_system(const char *zOrigCmd){
int rc;
|
| ︙ | ︙ |