Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Minor security enhancements to the optional SEE integration. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
a8484dc32721016061f055d2edfcb71f |
User & Date: | mistachkin 2016-10-26 21:31:36 |
Context
2016-10-26
| ||
21:32 | Minor tweaks to the break_into_lines() algorithm. Add tests. check-in: 057e4b0a user: mistachkin tags: trunk | |
21:31 | Minor security enhancements to the optional SEE integration. check-in: a8484dc3 user: mistachkin tags: trunk | |
21:28 | Fixes for incremental Git import/export. check-in: 27c8985c user: mistachkin tags: trunk | |
2016-10-04
| ||
19:17 | Coding style tweaks. Closed-Leaf check-in: 34d988c2 user: mistachkin tags: seeEnhanced | |
Changes
Changes to src/db.c.
868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 ... 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 ... 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 |
db_now_function, 0, 0); sqlite3_create_function(db, "toLocal", 0, SQLITE_UTF8, 0, db_tolocal_function, 0, 0); sqlite3_create_function(db, "fromLocal", 0, SQLITE_UTF8, 0, db_fromlocal_function, 0, 0); } /* ** If the database file zDbFile has a name that suggests that it is ** encrypted, then prompt for the encryption key and return it in the ** blob *pKey. Or, if the encryption key has previously been requested, ** just return a copy of the previous result. */ static void db_encryption_key( const char *zDbFile, /* Name of the database file */ Blob *pKey /* Put the encryption key here */ ){ blob_init(pKey, 0, 0); #if USE_SEE if( sqlite3_strglob("*.efossil", zDbFile)==0 ){ static char *zSavedKey = 0; if( zSavedKey ){ blob_set(pKey, zSavedKey); }else{ char *zPrompt = mprintf("\rencryption key for '%s': ", zDbFile); prompt_for_password(zPrompt, pKey, 0); fossil_free(zPrompt); zSavedKey = fossil_strdup(blob_str(pKey)); } } #endif } /* ................................................................................ zDbName, &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, g.zVfsName ); if( rc!=SQLITE_OK ){ db_err("[%s]: %s", zDbName, sqlite3_errmsg(db)); } db_encryption_key(zDbName, &key); if( blob_size(&key)>0 ){ char *zCmd = sqlite3_mprintf("PRAGMA key(%Q)", blob_str(&key)); sqlite3_exec(db, zCmd, 0, 0, 0); sqlite3_free(zCmd); } blob_reset(&key); sqlite3_busy_timeout(db, 5000); sqlite3_wal_autocheckpoint(db, 1); /* Set to checkpoint frequently */ sqlite3_create_function(db, "user", 0, SQLITE_UTF8, 0, db_sql_user, 0, 0); sqlite3_create_function(db, "cgi", 1, SQLITE_UTF8, 0, db_sql_cgi, 0, 0); ................................................................................ } /* ** zDbName is the name of a database file. Attach zDbName using ** the name zLabel. */ void db_attach(const char *zDbName, const char *zLabel){ Blob key; db_encryption_key(zDbName, &key); db_multi_exec("ATTACH DATABASE %Q AS %Q KEY %Q", zDbName, zLabel, blob_str(&key)); blob_reset(&key); } /* ** Change the schema name of the "main" database to zLabel. ** zLabel must be a static string that is unchanged for the life of ** the database connection. |
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | | | > | < < > | | | > | > > > | | | > > > |
868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 ... 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 .... 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 |
db_now_function, 0, 0); sqlite3_create_function(db, "toLocal", 0, SQLITE_UTF8, 0, db_tolocal_function, 0, 0); sqlite3_create_function(db, "fromLocal", 0, SQLITE_UTF8, 0, db_fromlocal_function, 0, 0); } #if USE_SEE /* ** This is a pointer to the saved database encryption key string. */ static char *zSavedKey = 0; /* ** This is the size of the saved database encryption key, in bytes. */ size_t savedKeySize = 0; /* ** This function returns the saved database encryption key -OR- zero if ** no database encryption key is saved. */ static char *db_get_saved_encryption_key(){ return zSavedKey; } /* ** This function arranges for the database encryption key to be securely ** saved in non-pagable memory (on platforms where this is possible). */ static void db_save_encryption_key( Blob *pKey ){ void *p = NULL; size_t n = 0; size_t pageSize = 0; size_t blobSize = 0; blobSize = blob_size(pKey); if( blobSize==0 ) return; fossil_get_page_size(&pageSize); assert( pageSize>0 ); if( blobSize>pageSize ){ fossil_fatal("key blob too large: %u versus %u", blobSize, pageSize); } p = fossil_secure_alloc_page(&n); assert( p!=NULL ); assert( n==pageSize ); assert( n>=blobSize ); memcpy(p, blob_str(pKey), blobSize); zSavedKey = p; savedKeySize = n; } /* ** This function arranges for the saved database encryption key to be ** securely zeroed, unlocked (if necessary), and freed. */ void db_unsave_encryption_key(){ fossil_secure_free_page(zSavedKey, savedKeySize); zSavedKey = NULL; savedKeySize = 0; } /* ** This function sets the saved database encryption key to the specified ** string value, allocating or freeing the underlying memory if needed. */ void db_set_saved_encryption_key( Blob *pKey ){ if( zSavedKey!=NULL ){ size_t blobSize = blob_size(pKey); if( blobSize==0 ){ db_unsave_encryption_key(); }else{ if( blobSize>savedKeySize ){ fossil_fatal("key blob too large: %u versus %u", blobSize, savedKeySize); } fossil_secure_zero(zSavedKey, savedKeySize); memcpy(zSavedKey, blob_str(pKey), blobSize); } }else{ db_save_encryption_key(pKey); } } #endif /* USE_SEE */ /* ** If the database file zDbFile has a name that suggests that it is ** encrypted, then prompt for the database encryption key and return it ** in the blob *pKey. Or, if the encryption key has previously been ** requested, just return a copy of the previous result. The blob in ** *pKey must be initialized. */ static void db_maybe_obtain_encryption_key( const char *zDbFile, /* Name of the database file */ Blob *pKey /* Put the encryption key here */ ){ #if USE_SEE if( sqlite3_strglob("*.efossil", zDbFile)==0 ){ char *zKey = db_get_saved_encryption_key(); if( zKey ){ blob_set(pKey, zKey); }else{ char *zPrompt = mprintf("\rencryption key for '%s': ", zDbFile); prompt_for_password(zPrompt, pKey, 0); fossil_free(zPrompt); db_set_saved_encryption_key(pKey); } } #endif } /* ................................................................................ zDbName, &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, g.zVfsName ); if( rc!=SQLITE_OK ){ db_err("[%s]: %s", zDbName, sqlite3_errmsg(db)); } blob_init(&key, 0, 0); db_maybe_obtain_encryption_key(zDbName, &key); if( blob_size(&key)>0 ){ char *zCmd = sqlite3_mprintf("PRAGMA key(%Q)", blob_str(&key)); sqlite3_exec(db, zCmd, 0, 0, 0); fossil_secure_zero(zCmd, strlen(zCmd)); sqlite3_free(zCmd); } blob_reset(&key); sqlite3_busy_timeout(db, 5000); sqlite3_wal_autocheckpoint(db, 1); /* Set to checkpoint frequently */ sqlite3_create_function(db, "user", 0, SQLITE_UTF8, 0, db_sql_user, 0, 0); sqlite3_create_function(db, "cgi", 1, SQLITE_UTF8, 0, db_sql_cgi, 0, 0); ................................................................................ } /* ** zDbName is the name of a database file. Attach zDbName using ** the name zLabel. */ void db_attach(const char *zDbName, const char *zLabel){ char *zCmd; Blob key; blob_init(&key, 0, 0); db_maybe_obtain_encryption_key(zDbName, &key); zCmd = sqlite3_mprintf("ATTACH DATABASE %Q AS %Q KEY %Q", zDbName, zLabel, blob_str(&key)); db_multi_exec(zCmd /*works-like:""*/); fossil_secure_zero(zCmd, strlen(zCmd)); sqlite3_free(zCmd); blob_reset(&key); } /* ** Change the schema name of the "main" database to zLabel. ** zLabel must be a static string that is unchanged for the life of ** the database connection. |
Changes to src/main.c.
297 298 299 300 301 302 303 304 305 306 307 308 309 310 |
Global g; /* ** atexit() handler which frees up "some" of the resources ** used by fossil. */ static void fossil_atexit(void) { #if defined(_WIN32) && !defined(_WIN64) && defined(FOSSIL_ENABLE_TCL) && \ defined(USE_TCL_STUBS) /* ** If Tcl is compiled on Windows using the latest MinGW, Fossil can crash ** when exiting while a stubs-enabled Tcl is still loaded. This is due to ** a bug in MinGW, see: ** |
> > > > > > > > > > > > |
297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 |
Global g; /* ** atexit() handler which frees up "some" of the resources ** used by fossil. */ static void fossil_atexit(void) { #if USE_SEE /* ** Zero, unlock, and free the saved database encryption key now. */ db_unsave_encryption_key(); #endif #if defined(_WIN32) || defined(__BIONIC__) /* ** Free the secure getpass() buffer now. */ freepass(); #endif #if defined(_WIN32) && !defined(_WIN64) && defined(FOSSIL_ENABLE_TCL) && \ defined(USE_TCL_STUBS) /* ** If Tcl is compiled on Windows using the latest MinGW, Fossil can crash ** when exiting while a stubs-enabled Tcl is still loaded. This is due to ** a bug in MinGW, see: ** |
Changes to src/user.c.
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
..
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
** ** Commands and procedures used for creating, processing, editing, and ** querying information about users. */ #include "config.h" #include "user.h" #if defined(_WIN32) #include <conio.h> #endif /* ** Strip leading and trailing space from a string and add the string ** onto the end of a blob. */ static void strip_string(Blob *pBlob, char *z){ int i; blob_reset(pBlob); ................................................................................ } if( z[i]>0 && z[i]<' ' ) z[i] = ' '; } blob_append(pBlob, z, -1); } #if defined(_WIN32) || defined(__BIONIC__) #ifdef __MINGW32__ #include <conio.h> #endif /* ** getpass for Windows and Android */ static char *getpass(const char *prompt){ static char pwd[64]; size_t i; fputs(prompt,stderr); fflush(stderr); for(i=0; i<sizeof(pwd)-1; ++i){ #if defined(_WIN32) pwd[i] = _getch(); #else pwd[i] = getc(stdin); #endif if(pwd[i]=='\r' || pwd[i]=='\n'){ break; } /* BS or DEL */ else if(i>0 && (pwd[i]==8 || pwd[i]==127)){ i -= 2; continue; } /* CTRL-C */ else if(pwd[i]==3) { i=0; break; } /* ESC */ else if(pwd[i]==27){ i=0; break; } else{ fputc('*',stderr); } } pwd[i]='\0'; fputs("\n", stderr); return pwd; } #endif #if defined(_WIN32) || defined(WIN32) # include <io.h> # include <fcntl.h> # undef popen |
<
<
<
<
|
>
|
>
>
>
<
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
|
|
|
|
|
>
|
>
>
>
>
>
|
17
18
19
20
21
22
23
24
25
26
27
28
29
30
..
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
** ** Commands and procedures used for creating, processing, editing, and ** querying information about users. */ #include "config.h" #include "user.h" /* ** Strip leading and trailing space from a string and add the string ** onto the end of a blob. */ static void strip_string(Blob *pBlob, char *z){ int i; blob_reset(pBlob); ................................................................................ } if( z[i]>0 && z[i]<' ' ) z[i] = ' '; } blob_append(pBlob, z, -1); } #if defined(_WIN32) || defined(__BIONIC__) #ifdef _WIN32 #include <conio.h> #endif /* ** getpass() for Windows and Android. */ static char *zPwdBuffer = 0; static size_t nPwdBuffer = 0; static char *getpass(const char *prompt){ char *zPwd; size_t nPwd; size_t i; if( zPwdBuffer==0 ){ zPwdBuffer = fossil_secure_alloc_page(&nPwdBuffer); assert( zPwdBuffer ); }else{ fossil_secure_zero(zPwdBuffer, nPwdBuffer); } zPwd = zPwdBuffer; nPwd = nPwdBuffer; fputs(prompt,stderr); fflush(stderr); assert( zPwd!=0 ); assert( nPwd>0 ); for(i=0; i<nPwd-1; ++i){ #if defined(_WIN32) zPwd[i] = _getch(); #else zPwd[i] = getc(stdin); #endif if(zPwd[i]=='\r' || zPwd[i]=='\n'){ break; } /* BS or DEL */ else if(i>0 && (zPwd[i]==8 || zPwd[i]==127)){ i -= 2; continue; } /* CTRL-C */ else if(zPwd[i]==3) { i=0; break; } /* ESC */ else if(zPwd[i]==27){ i=0; break; } else{ fputc('*',stderr); } } zPwd[i]='\0'; fputs("\n", stderr); assert( zPwd==zPwdBuffer ); return zPwd; } void freepass(){ if( !zPwdBuffer ) return; assert( nPwdBuffer>0 ); fossil_secure_free_page(zPwdBuffer, nPwdBuffer); } #endif #if defined(_WIN32) || defined(WIN32) # include <io.h> # include <fcntl.h> # undef popen |
Changes to src/util.c.
53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
void fossil_free(void *p){ free(p); } void *fossil_realloc(void *p, size_t n){ p = realloc(p, n); if( p==0 ) fossil_panic("out of memory"); return p; } /* ** This function implements a cross-platform "system()" interface. */ int fossil_system(const char *zOrigCmd){ int rc; |
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 |
void fossil_free(void *p){ free(p); } void *fossil_realloc(void *p, size_t n){ p = realloc(p, n); if( p==0 ) fossil_panic("out of memory"); return p; } void fossil_secure_zero(void *p, size_t n){ volatile unsigned char *vp = (volatile unsigned char *)p; size_t i; if( p==0 ) return; assert( n>0 ); if( n==0 ) return; for(i=0; i<n; i++){ vp[i] ^= 0xFF; } for(i=0; i<n; i++){ vp[i] ^= vp[i]; } } void fossil_get_page_size(size_t *piPageSize){ #if defined(_WIN32) SYSTEM_INFO sysInfo; memset(&sysInfo, 0, sizeof(SYSTEM_INFO)); GetSystemInfo(&sysInfo); *piPageSize = (size_t)sysInfo.dwPageSize; #else *piPageSize = 4096; /* FIXME: What for POSIX? */ #endif } void *fossil_secure_alloc_page(size_t *pN){ void *p; size_t pageSize; fossil_get_page_size(&pageSize); assert( pageSize>0 ); assert( pageSize%2==0 ); #if defined(_WIN32) p = VirtualAlloc(NULL, pageSize, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE); if( p==NULL ){ fossil_fatal("VirtualAlloc failed: %lu\n", GetLastError()); } if( !VirtualLock(p, pageSize) ){ fossil_fatal("VirtualLock failed: %lu\n", GetLastError()); } #else p = fossil_malloc(pageSize); #endif fossil_secure_zero(p, pageSize); if( pN ) *pN = pageSize; return p; } void fossil_secure_free_page(void *p, size_t n){ if( !p ) return; assert( n>0 ); fossil_secure_zero(p, n); #if defined(_WIN32) if( !VirtualUnlock(p, n) ){ fossil_fatal("VirtualUnlock failed: %lu\n", GetLastError()); } if( !VirtualFree(p, 0, MEM_RELEASE) ){ fossil_fatal("VirtualFree failed: %lu\n", GetLastError()); } #else fossil_free(p); #endif } /* ** This function implements a cross-platform "system()" interface. */ int fossil_system(const char *zOrigCmd){ int rc; |
Changes to www/changes.wiki.
6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
* Fix a C99-ism that prevents the 1.36 release from building with MSVC. * Fix [/help?cmd=ticket|ticket set] when using the "+" prefix with fields from the "ticketchng" table. * Enhance the "brlist" page to make use of branch colors. * Remove the "fusefs" command from builds that do not have the underlying support enabled. * Fixes for incremental git import/export. * TH1 enhancements: <ul><li>Add <nowiki>[unversioned content]</nowiki> command.</li> <li>Add <nowiki>[unversioned list]</nowiki> command.</li> <li>Add project_description variable.</li> </ul> <a name='v1_36'></a> |
> > |
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
* Fix a C99-ism that prevents the 1.36 release from building with MSVC. * Fix [/help?cmd=ticket|ticket set] when using the "+" prefix with fields from the "ticketchng" table. * Enhance the "brlist" page to make use of branch colors. * Remove the "fusefs" command from builds that do not have the underlying support enabled. * Fixes for incremental git import/export. * Minor security enhancements to [./encryptedrepos.wiki|encrypted repositories]. * TH1 enhancements: <ul><li>Add <nowiki>[unversioned content]</nowiki> command.</li> <li>Add <nowiki>[unversioned list]</nowiki> command.</li> <li>Add project_description variable.</li> </ul> <a name='v1_36'></a> |