author | Jakob Unterwurzacher | 2017-02-13 09:13:22 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-02-13 09:13:22 +0100 |
commit | 3784901fcee46d3e14e154b32cc6a7822bcc90f6 (patch) | |
tree | 82293ce300022be5c4f0aa24c9664f9bb7da23db | |
parent | 54caaf4b980e0432baef54c5129aa53c43be70e8 (diff) |
readpassword: limit password length to 1000 bytes
This used to hang at 100% CPU:
cat /dev/zero | gocryptfs -init a
...and would ultimately send the box into out-of-memory.
The number 1000 is chosen arbitrarily and seems big enough
given that the password must be one line.
Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
-rw-r--r-- | internal/readpassword/read.go | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/internal/readpassword/read.go b/internal/readpassword/read.go
index fe9be45..74057cf 100644
--- a/internal/readpassword/read.go
+++ b/internal/readpassword/read.go
@@ -16,7 +16,8 @@ import (
 )
 const (
- exitCode = 9
+ exitCode = 9
+ maxPasswordLen = 1000
 )
 // Once tries to get a password from the user, either from the terminal, extpass
@@ -126,6 +127,10 @@ func readPasswordExtpass(extpass string) string {
 func readLineUnbuffered(r io.Reader) (l string) {
 b := make([]byte, 1)
 for {
+ if len(l) > maxPasswordLen {
+ tlog.Fatal.Printf("fatal: maximum password length of %d bytes exceeded", maxPasswordLen)
+ os.Exit(exitCode)
+ }
 n, err := r.Read(b)
 if err == io.EOF {
 return l |
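Review bot: The new `maxPasswordLen` constant in the `const (` block has no comment, so its unit and purpose are only recoverable from the commit message. I would add `// maxPasswordLen is the longest password, in bytes, that readLineUnbuffered accepts; longer input is a fatal error so that an endless stream cannot exhaust memory.` above it. The log message in the second hunk already says "bytes", so the comment only records what the code enforces.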
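Review bot: The length guard at the top of the `for` loop ends the process with `os.Exit(exitCode)` from inside `readLineUnbuffered`, so every caller of this helper now silently inherits a hard 1000-byte cap. Judging by the neighbouring `readPasswordExtpass`, that probably includes the extpass path, though its body is not in the hunk. A filesystem created earlier with a longer passphrase, for example generated key material, would then fail to unlock after the upgrade, so the limit should be stated in the user documentation and in the function's doc comment, e.g. `// readLineUnbuffered reads one line from r a byte at a time and exits with exitCode once more than maxPasswordLen bytes have been read.` The commit changes only read.go, so a regression test that feeds more than `maxPasswordLen` bytes with no newline and expects the fatal exit would keep the memory-exhaustion fix from regressing. The rest of the loop body lies outside the hunk, so how the line terminator is handled cannot be confirmed from here.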