summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-02-13 09:13:22 +0100
committerJakob Unterwurzacher2017-02-13 09:13:22 +0100
commit3784901fcee46d3e14e154b32cc6a7822bcc90f6 (patch)
tree82293ce300022be5c4f0aa24c9664f9bb7da23db
parent54caaf4b980e0432baef54c5129aa53c43be70e8 (diff)
readpassword: limit password length to 1000 bytes
This used to hang at 100% CPU: cat /dev/zero | gocryptfs -init a ...and would ultimately send the box into out-of-memory. The number 1000 is chosen arbitrarily and seems big enough given that the password must be one line. Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
-rw-r--r--internal/readpassword/read.go7
1 files changed, 6 insertions, 1 deletions
diff --git a/internal/readpassword/read.go b/internal/readpassword/read.go
index fe9be45..74057cf 100644
--- a/internal/readpassword/read.go
+++ b/internal/readpassword/read.go
@@ -16,7 +16,8 @@ import (
)
const (
- exitCode = 9
+ exitCode = 9
+ maxPasswordLen = 1000
)
// Once tries to get a password from the user, either from the terminal, extpass
@@ -126,6 +127,10 @@ func readPasswordExtpass(extpass string) string {
func readLineUnbuffered(r io.Reader) (l string) {
b := make([]byte, 1)
for {
+ if len(l) > maxPasswordLen {
+ tlog.Fatal.Printf("fatal: maximum password length of %d bytes exceeded", maxPasswordLen)
+ os.Exit(exitCode)
+ }
n, err := r.Read(b)
if err == io.EOF {
return l