Nobody/Anonymous - 2005-04-25

Logged In: NO

The code is not 64-bit clean in the passwordfile.c code that
reads and writes individual entries. I figured out a quick
hack to make it work, but it still needs some additional
analysis to be sure there aren't any other gotcha's.

Here're the 2 functions that need changes:
Sorry I don't have a proper patch diff, but I don't have cvs
working on this machine at the moment.

What I've done is based the printf format string for the
description length field on the size of the size_t
structure, %u for a 4-byte size_t (32 bit machine) and %lu
for a 8-byte size_t (64-bit machine).

In order to handle files where the corrupted length was
already written, I added a simple check to assume an empty
description if the length is over 4K. This should work for
most files, if your file doesn't read with this patch, you
may need to try something else. Also, make sure you copy
the gpass.dat file to a backup location before trying this,
just in case your file has some wierdness and gets corrupted
by the arbitrary length limit on the description.

/* Reads an entry from the password file. */
int password_file_read_entry(encstream *es,
password_file_entry *entry,
GError **error)
{
g_return_val_if_fail(error == NULL || *error == NULL, 2);

GError *t_error = NULL;
size_t desclen;
size_t r;
char *lenStr;
if(sizeof(size_t) == 8)
lenStr = "%lu";
if(sizeof(size_t) == 4)
lenStr = "%u";

if (error == NULL)
error = &t_error;

entry->title = password_file_get_line(es, error);
if (entry->title == NULL && (error == NULL || *error ==
NULL)) {
return EOF;
}

if (entry->title == NULL)
g_message((*error)->message);

entry->username = password_file_get_line(es, error);
entry->password = password_file_get_line(es, error);
entry->url = password_file_get_line(es, error);

password_file_get_val(es, "%u", &entry->creation_time,
error);
password_file_get_val(es, "%u",
&entry->modification_time, error);
password_file_get_val(es, "%u", &entry->expiration_time,
error);
password_file_get_val(es, lenStr, &desclen, error);

if (*error != NULL)
return 1;
/* arbitrary limit due to issues on 64-bit systems */
if (desclen > 4096)
desclen = 1;

gchar *buf = g_malloc(desclen);
r = encstream_read(buf, desclen, es);
if (r < desclen) {
if (encstream_error(es))
g_set_error(error, 0, errno, g_strerror(errno));
else
g_set_error(error, 0, 0, _("Premature end of
file"));
g_free(buf);
return 3;
}
buf[r-1] = '\0';

entry->description = buf;

return 0;
}

/* Write a password entry to the given stream */
void password_file_write_entry(encstream *es,
password_file_entry *entry,
GError **error)
{
int rc;
size_t len;
char *lenStr;
if(sizeof(size_t) == 8)
lenStr = "%lu\n";
if(sizeof(size_t) == 4)
lenStr = "%u\n";

g_return_if_fail(error == NULL || *error == NULL);

g_return_if_fail(es != NULL);
g_return_if_fail(entry->title != NULL);
g_return_if_fail(entry->username != NULL);
g_return_if_fail(entry->password != NULL);
g_return_if_fail(entry->url != NULL);
g_return_if_fail(entry->description != NULL);

len = strlen(entry->description);
rc = encstream_printf(es, "%s\n", entry->title) == 0 &&
encstream_printf(es, "%s\n", entry->username) == 0 &&
encstream_printf(es, "%s\n", entry->password) == 0 &&
encstream_printf(es, "%s\n", entry->url) == 0 &&
encstream_printf(es, "%u\n", entry->creation_time)
== 0 &&
encstream_printf(es, "%u\n",
entry->modification_time) == 0 &&
encstream_printf(es, "%u\n",
entry->expiration_time) == 0 &&
encstream_printf(es, lenStr, len+1) == 0 &&
encstream_printf(es, "%s\n", entry->description) == 0;

if (rc == 0) {
g_set_error(error, 0, errno, g_strerror(errno));
}
}