From b5a7ff48ce8ac11d491190591267fa4572fbf09b Mon Sep 17 00:00:00 2001 From: Daniel Brotsky Date: Thu, 2 May 2024 11:17:27 -0700 Subject: [PATCH 1/4] On windows, don't make slices from empty passwords. Apparently, if the password is empty, it may not be word-aligned. Starting with rust 178, this means you can't make a slice out of it. --- src/windows.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/windows.rs b/src/windows.rs index aa505e4..c14e8c2 100644 --- a/src/windows.rs +++ b/src/windows.rs @@ -326,6 +326,9 @@ fn extract_password(credential: &CREDENTIALW) -> Result { // get password blob let blob_pointer: *const u8 = credential.CredentialBlob; let blob_len: usize = credential.CredentialBlobSize as usize; + if blob_len == 0 { + return Ok(String::new()); + } let blob = unsafe { std::slice::from_raw_parts(blob_pointer, blob_len) }; // 3rd parties may write credential data with an odd number of bytes, // so we make sure that we don't try to decode those as utf16 From 24ff2ac71bad79127e06f456753e0aa8677ecd47 Mon Sep 17 00:00:00 2001 From: Daniel Brotsky Date: Thu, 2 May 2024 11:32:47 -0700 Subject: [PATCH 2/4] On windows, don't make slices from empty passwords. This change catches a second case where we were doing this. Fixes #170. --- src/windows.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/windows.rs b/src/windows.rs index c14e8c2..99efca7 100644 --- a/src/windows.rs +++ b/src/windows.rs @@ -358,6 +358,9 @@ unsafe fn from_wstr(ws: *const u16) -> String { } // this code from https://stackoverflow.com/a/48587463/558006 let len = (0..).take_while(|&i| *ws.offset(i) != 0).count(); + if len == 0 { + return String::new(); + } let slice = std::slice::from_raw_parts(ws, len); String::from_utf16_lossy(slice) } From 8307694b7bd97a9d146ceea1982454bc793f9c83 Mon Sep 17 00:00:00 2001 From: Daniel Brotsky Date: Thu, 2 May 2024 11:38:41 -0700 Subject: [PATCH 3/4] Fix new clippy warning. Apparently rust 1.78 has some new warnings. --- src/keyutils.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/keyutils.rs b/src/keyutils.rs index 21681bd..d7a5245 100644 --- a/src/keyutils.rs +++ b/src/keyutils.rs @@ -241,7 +241,7 @@ impl KeyutilsCredential { // Construct the credential with a URI-style description let description = match target { - Some(value) if value.is_empty() => { + Some("") => { return Err(ErrorCode::Invalid( "target".to_string(), "cannot be empty".to_string(), From e371b5c5eddd31afc19593fd1fdc46cf7d77812c Mon Sep 17 00:00:00 2001 From: Daniel Brotsky Date: Thu, 2 May 2024 11:40:14 -0700 Subject: [PATCH 4/4] Bump version to 2.3.3. Bug fixes for rust 1.78 and latest dependencies. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 2fc555a..7719864 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -6,7 +6,7 @@ keywords = ["password", "credential", "keychain", "keyring", "cross-platform"] license = "MIT OR Apache-2.0" name = "keyring" repository = "https://github.com/hwchen/keyring-rs.git" -version = "2.3.2" +version = "2.3.3" rust-version = "1.68" edition = "2021" exclude = [".github/"]