[gtk/ebassi/secure-buffer: 6/7] Add a secure GtkEntryBuffer
- From: Emmanuele Bassi <ebassi src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gtk/ebassi/secure-buffer: 6/7] Add a secure GtkEntryBuffer
- Date: Tue, 8 Sep 2020 22:31:33 +0000 (UTC)
commit 61a13e9f82f61760bc0756522e738b506e35c251
Author: Emmanuele Bassi <ebassi gnome org>
Date: Fri Sep 4 12:51:58 2020 +0100
Add a secure GtkEntryBuffer
We have a widget for password and passphrase entries, but we have no way
to handle the data securely. This is usually performed by a separate
GtkEntryBuffer—for instance, the one in GCR. While we have API for
setting a new entry buffer on GtkText, we don't have API for
GtkPasswordEntry, though, so the options are:
- expose additional API for GtkPasswordEntry to allow setting a secure
text buffer on the internal GtkText widget
- provide a secure text buffer out of the box
Given that an insecure-by-default GtkPasswordEntry is basically
pointless, might as well have a secure buffer built in.
We don't really need to make the password entry buffer public out of the
box, but we can re-evaluate at a later date.
Fixes: #2403
gtk/gtkpasswordentrybuffer.c | 196 ++++++++++++++++++++++++++++++++++++
gtk/gtkpasswordentrybufferprivate.h | 33 ++++++
gtk/meson.build | 1 +
3 files changed, 230 insertions(+)
---
diff --git a/gtk/gtkpasswordentrybuffer.c b/gtk/gtkpasswordentrybuffer.c
new file mode 100644
index 0000000000..05844d2fc5
--- /dev/null
+++ b/gtk/gtkpasswordentrybuffer.c
@@ -0,0 +1,196 @@
+/* gtkpasswordentrybuffer.c: Entry buffer with secure allocation
+ *
+ Copyright 2009 Stefan Walter
+ * Copyright 2020 GNOME Foundation
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "config.h"
+
+#include "gtkpasswordentrybufferprivate.h"
+
+#include "gtksecurememoryprivate.h"
+
+#include <string.h>
+
+/* Initial size of buffer, in bytes */
+#define MIN_SIZE 16
+
+struct _GtkPasswordEntryBuffer
+{
+ GtkEntryBuffer parent_instance;
+
+ char *text;
+ gsize text_size;
+ gsize text_bytes;
+ guint text_chars;
+};
+
+G_DEFINE_TYPE (GtkPasswordEntryBuffer, gtk_password_entry_buffer, GTK_TYPE_ENTRY_BUFFER)
+
+static const char *
+gtk_password_entry_buffer_real_get_text (GtkEntryBuffer *buffer,
+ gsize *n_bytes)
+{
+ GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
+
+ if (n_bytes != NULL)
+ *n_bytes = self->text_bytes;
+
+ if (!self->text)
+ return "";
+
+ return self->text;
+}
+
+static guint
+gtk_password_entry_buffer_real_get_length (GtkEntryBuffer *buffer)
+{
+ GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
+ return self->text_chars;
+}
+
+static guint
+gtk_password_entry_buffer_real_insert_text (GtkEntryBuffer *buffer,
+ guint position,
+ const char *chars,
+ guint n_chars)
+{
+ GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
+
+ gsize n_bytes = g_utf8_offset_to_pointer (chars, n_chars) - chars;
+
+ /* Need more memory */
+ if (n_bytes + self->text_bytes + 1 > self->text_size)
+ {
+ /* Calculate our new buffer size */
+ while (n_bytes + self->text_bytes + 1 > self->text_size)
+ {
+ if (self->text_size == 0)
+ {
+ self->text_size = MIN_SIZE;
+ }
+ else
+ {
+ if (2 * self->text_size < GTK_ENTRY_BUFFER_MAX_SIZE)
+ {
+ self->text_size *= 2;
+ }
+ else
+ {
+ self->text_size = GTK_ENTRY_BUFFER_MAX_SIZE;
+ if (n_bytes > self->text_size - self->text_bytes - 1)
+ {
+ n_bytes = self->text_size - self->text_bytes - 1;
+ n_bytes = g_utf8_find_prev_char (chars, chars + n_bytes + 1) - chars;
+ n_chars = g_utf8_strlen (chars, n_bytes);
+ }
+ break;
+ }
+ }
+ }
+
+ self->text = gtk_secure_realloc (self->text, self->text_size);
+ }
+
+ /* Actual text insertion */
+ gsize at = g_utf8_offset_to_pointer (self->text, position) - self->text;
+ memmove (self->text + at + n_bytes, self->text + at, self->text_bytes - at);
+ memcpy (self->text + at, chars, n_bytes);
+
+ /* Book keeping */
+ self->text_bytes += n_bytes;
+ self->text_chars += n_chars;
+ self->text[self->text_bytes] = '\0';
+
+ gtk_entry_buffer_emit_inserted_text (buffer, position, chars, n_chars);
+
+ return n_chars;
+}
+
+static guint
+gtk_password_entry_buffer_real_delete_text (GtkEntryBuffer *buffer,
+ guint position,
+ guint n_chars)
+{
+ GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (buffer);
+
+ if (position > self->text_chars)
+ position = self->text_chars;
+ if (position + n_chars > self->text_chars)
+ n_chars = self->text_chars - position;
+
+ if (n_chars > 0)
+ {
+ gsize start = g_utf8_offset_to_pointer (self->text, position) - self->text;
+ gsize end = g_utf8_offset_to_pointer (self->text, position + n_chars) - self->text;
+
+ memmove (self->text + start, self->text + end, self->text_bytes + 1 - end);
+ self->text_chars -= n_chars;
+ self->text_bytes -= (end - start);
+
+ gtk_entry_buffer_emit_deleted_text (buffer, position, n_chars);
+ }
+
+ return n_chars;
+}
+
+static void
+gtk_password_entry_buffer_finalize (GObject *gobject)
+{
+ GtkPasswordEntryBuffer *self = GTK_PASSWORD_ENTRY_BUFFER (gobject);
+
+ g_clear_pointer (&self->text, gtk_secure_free);
+
+ self->text_bytes = 0;
+ self->text_size = 0;
+ self->text_chars = 0;
+
+ G_OBJECT_CLASS (gtk_password_entry_buffer_parent_class)->finalize (gobject);
+}
+
+static void
+gtk_password_entry_buffer_class_init (GtkPasswordEntryBufferClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GtkEntryBufferClass *buffer_class = GTK_ENTRY_BUFFER_CLASS (klass);
+
+ gobject_class->finalize = gtk_password_entry_buffer_finalize;
+
+ buffer_class->get_text = gtk_password_entry_buffer_real_get_text;
+ buffer_class->get_length = gtk_password_entry_buffer_real_get_length;
+ buffer_class->insert_text = gtk_password_entry_buffer_real_insert_text;
+ buffer_class->delete_text = gtk_password_entry_buffer_real_delete_text;
+}
+
+static void
+gtk_password_entry_buffer_init (GtkPasswordEntryBuffer *self)
+{
+}
+
+/*< private >
+ * gtk_password_entry_buffer_new:
+ *
+ * Creates a new #GtkEntryBuffer using secure memory allocations.
+ *
+ * Returns: (transfer full): the newly created instance
+ */
+GtkEntryBuffer *
+gtk_password_entry_buffer_new (void)
+{
+ return g_object_new (GTK_TYPE_PASSWORD_ENTRY_BUFFER, NULL);
+}
diff --git a/gtk/gtkpasswordentrybufferprivate.h b/gtk/gtkpasswordentrybufferprivate.h
new file mode 100644
index 0000000000..2f6f1da2cd
--- /dev/null
+++ b/gtk/gtkpasswordentrybufferprivate.h
@@ -0,0 +1,33 @@
+/* gtkpasswordentrybufferprivate.h: Entry buffer using secure allocation
+ *
+ * Copyright 2020 GNOME Foundation
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#pragma once
+
+#include <gtk/gtkentrybuffer.h>
+
+G_BEGIN_DECLS
+
+#define GTK_TYPE_PASSWORD_ENTRY_BUFFER (gtk_password_entry_buffer_get_type())
+
+G_DECLARE_FINAL_TYPE (GtkPasswordEntryBuffer, gtk_password_entry_buffer, GTK, PASSWORD_ENTRY_BUFFER,
GtkEntryBuffer)
+
+GtkEntryBuffer * gtk_password_entry_buffer_new (void);
+
+G_END_DECLS
diff --git a/gtk/meson.build b/gtk/meson.build
index c644ac9696..eed4dd734b 100644
--- a/gtk/meson.build
+++ b/gtk/meson.build
@@ -121,6 +121,7 @@ gtk_private_sources = files([
'gtkmenutrackeritem.c',
'gtkpango.c',
'gskpango.c',
+ 'gtkpasswordentrybuffer.c',
'gtkpathbar.c',
'gtkplacessidebar.c',
'gtkplacesview.c',
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]