From 669fbb40d894460e9603dcf6e953373e53a19347 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Tue, 28 Jan 2020 19:42:41 +0100 Subject: Use CString to store temporary passwords This patch changes the generate_password function and the User and Admin structs to use a CString instead of a Vec when storing temporary passwords. This makes sure that the strings that are passed to the C API are properly null-terminated. --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index cba0e83..be65865 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ Copyright (C) 2019-2020 Robin Krahl SPDX-License-Identifier: CC0-1.0 --> +# Unreleased +- Use `CString` to store the temporary password instead of `Vec`. + # v0.5.1 (2020-01-15) - Fix serial number formatting for Nitrokey Pro devices with firmware 0.8 or older in the `list_devices` function. -- cgit v1.2.1 From ebd754d88330478981f65e4724cc561ceff4f9e7 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Tue, 28 Jan 2020 20:31:56 +0100 Subject: Regenerate temporary passwords with null bytes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously, we silently cut off temporary passwords that contained a null byte. With the change to CString, we returned a LibraryError instead. With this patch, we change to generate_password function to continue generating passwords until we have a password without a null byte. The chance of generating a password with a null byte is ca. 10 % for our temporary password with 25 characters. Therefore the chance of having to re-generate the password multiple times is low enough that we don’t bother with re-generating only the null bytes of the password for the time being. This should be improved in the future. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index be65865..5f03db2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ SPDX-License-Identifier: CC0-1.0 # Unreleased - Use `CString` to store the temporary password instead of `Vec`. +- Regenerate temporary passwords if they would contain a null byte. # v0.5.1 (2020-01-15) - Fix serial number formatting for Nitrokey Pro devices with firmware 0.8 or -- cgit v1.2.1 From ebe75339a3fb29c51ea22a0bb25fd113b15759f1 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Tue, 28 Jan 2020 21:04:01 +0100 Subject: Release v0.5.2 This patch release makes the handling of the randomly generated temporary passwords more robust. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f03db2..b75904c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ Copyright (C) 2019-2020 Robin Krahl SPDX-License-Identifier: CC0-1.0 --> -# Unreleased +# v0.5.2 (2020-01-28) - Use `CString` to store the temporary password instead of `Vec`. - Regenerate temporary passwords if they would contain a null byte. -- cgit v1.2.1