Version v0.2.82 - Fixed final buffer size warning in /run/media path handling

Version v0.2.81 - Fixed remaining buffer size warnings - increased all preferences buffer sizes to 2048
Version v0.2.80 - Fixed compile warnings - increased buffer sizes and added length validation
2025-08-14 12:37:28 -04:00 · 2025-08-14 12:36:56 -04:00 · 2025-08-14 12:36:06 -04:00 · 2025-08-14 12:29:23 -04:00 · 2025-08-14 12:24:34 -04:00
2 changed files with 51 additions and 36 deletions
--- a/.clinerules/workspace_rules.md
+++ b/.clinerules/workspace_rules.md
@@ -1,7 +1,29 @@
 When building, use build.sh, not make. 
 Use it as follows: build.sh -m "useful comment on changes being made"
 When making TUI menus, try to use the first leter of the command and the key to press to execute that command. For example, if the command is "Open file" try to use a keypress of "o" upper or lower case to signal to open the file. Use this instead of number keyed menus when possible. In the command, the letter should be underlined that signifies the command.
 ## Buffer Size Guidelines
 ### Path Handling
 - Always use buffers of size 1024 or PATH_MAX (4096) for file paths
 - When concatenating paths with snprintf, ensure buffer is at least 2x the expected maximum input
 - Use safer path construction patterns that check lengths before concatenation
 ### String Formatting Safety
 - Before using snprintf with dynamic strings, validate that buffer size >= sum of all input string lengths + format characters + 1
 - Use strnlen() to check actual string lengths before formatting
 - Consider using asprintf() for dynamic allocation when exact size is unknown
 - Add length validation before snprintf calls
 ### Compiler Warning Prevention
 - Always size string buffers generously (minimum 1024 for paths, 512 for general strings)
 - Use buffer size calculations: `size >= strlen(str1) + strlen(str2) + format_overhead + 1`
 - Add runtime length checks before snprintf operations
 - Consider using safer alternatives like strlcpy/strlcat if available
 ### Code Patterns to Avoid
 - Fixed-size buffers (512 bytes) for path operations where inputs could be 255+ bytes each
 - Concatenating unchecked strings with snprintf
 - Assuming maximum path component sizes without validation
--- a/otp.c
+++ b/otp.c
@@ -1619,61 +1619,48 @@ int decrypt_text_silent(const char* pad_identifier, const char* encrypted_messag
    // For piped decrypt mode - silent operation with minimal output
    (void)pad_identifier; // Suppress unused parameter warning
    char line[MAX_LINE_LENGTH];
    char stored_chksum[MAX_HASH_LENGTH];
    char current_chksum[MAX_HASH_LENGTH];
    uint64_t pad_offset;
    char base64_data[MAX_INPUT_SIZE * 2] = {0};
    int in_data_section = 0;
    fprintf(stderr, "DEBUG: decrypt_text_silent called\n");
    fprintf(stderr, "DEBUG: encrypted_message is %s\n", encrypted_message ? "not NULL" : "NULL");
    if (encrypted_message != NULL) {
        fprintf(stderr, "DEBUG: Message length: %lu\n", strlen(encrypted_message));
        fprintf(stderr, "DEBUG: First 50 chars: %.50s\n", encrypted_message);
        // Parse provided encrypted message
        char *message_copy = strdup(encrypted_message);
        char *line_ptr = strtok(message_copy, "\n");
        int found_begin = 0;
        while (line_ptr != NULL) {
            fprintf(stderr, "DEBUG: Processing line: '%s'\n", line_ptr);
            if (strcmp(line_ptr, "-----BEGIN OTP MESSAGE-----") == 0) {
                found_begin = 1;
                fprintf(stderr, "DEBUG: Found BEGIN header\n");
            }
            else if (strcmp(line_ptr, "-----END OTP MESSAGE-----") == 0) {
                fprintf(stderr, "DEBUG: Found END header\n");
                break;
            }
            else if (found_begin) {
                if (strncmp(line_ptr, "Pad-ChkSum: ", 12) == 0) {
                    strncpy(stored_chksum, line_ptr + 12, 64);
                    stored_chksum[64] = '\0';
                    fprintf(stderr, "DEBUG: Found checksum: %.16s...\n", stored_chksum);
                }
                else if (strncmp(line_ptr, "Pad-Offset: ", 12) == 0) {
                    pad_offset = strtoull(line_ptr + 12, NULL, 10);
                    fprintf(stderr, "DEBUG: Found offset: %lu\n", pad_offset);
                }
                else if (strlen(line_ptr) == 0) {
                    in_data_section = 1;
                    fprintf(stderr, "DEBUG: Entering data section\n");
                }
                else if (in_data_section) {
                    strncat(base64_data, line_ptr, sizeof(base64_data) - strlen(base64_data) - 1);
-                    fprintf(stderr, "DEBUG: Added data line: %s\n", line_ptr);
+                }
                else if (strncmp(line_ptr, "Version:", 8) != 0 && strncmp(line_ptr, "Pad-", 4) != 0) {
                    // This might be base64 data without a blank line separator
                    strncat(base64_data, line_ptr, sizeof(base64_data) - strlen(base64_data) - 1);
                }
            }
            line_ptr = strtok(NULL, "\n");
        }
        free(message_copy);
        fprintf(stderr, "DEBUG: Parsing complete. found_begin=%d, base64_data='%s'\n", found_begin, base64_data);
        if (!found_begin) {
            fprintf(stderr, "Error: Invalid message format - missing BEGIN header\n");
            return 1;
@@ -1745,8 +1732,9 @@ int decrypt_text_silent(const char* pad_identifier, const char* encrypted_messag
    }
    plaintext[ciphertext_len] = '\0';
-    // Output only the decrypted text - no extra messages
+    // Output only the decrypted text with newline and flush
-    printf("%s", plaintext);
+    printf("%s\n", plaintext);
    fflush(stdout);
    // Cleanup
    free(ciphertext);
@@ -2623,7 +2611,7 @@ int load_preferences(void) {
    }
    char preferences_dir[1024];
-    char preferences_file[1024];
+    char preferences_file[2048];  // Increased buffer size to accommodate longer paths
    snprintf(preferences_dir, sizeof(preferences_dir), "%s/.otp", home_dir);
    snprintf(preferences_file, sizeof(preferences_file), "%s/otp.conf", preferences_dir);
@@ -2671,7 +2659,7 @@ int save_preferences(void) {
    }
    char preferences_dir[1024];
-    char preferences_file[1024];
+    char preferences_file[2048];  // Increased buffer size to accommodate longer paths
    snprintf(preferences_dir, sizeof(preferences_dir), "%s/.otp", home_dir);
    snprintf(preferences_file, sizeof(preferences_file), "%s/otp.conf", preferences_dir);
@@ -2744,7 +2732,7 @@ int detect_otp_thumb_drive(char* otp_drive_path, size_t path_size) {
        while ((mount_entry = readdir(mount_dir)) != NULL) {
            if (mount_entry->d_name[0] == '.') continue;
-            char mount_path[512];
+            char mount_path[1024];  // Increased buffer size
            snprintf(mount_path, sizeof(mount_path), "%s/%s", mount_dirs[mount_idx], mount_entry->d_name);
            // For /media, we need to go one level deeper (user directories)
@@ -2760,7 +2748,11 @@ int detect_otp_thumb_drive(char* otp_drive_path, size_t path_size) {
                    // Check if drive name starts with "OTP"
                    if (strncmp(user_entry->d_name, "OTP", 3) != 0) continue;
-                    char user_mount_path[512];
+                    char user_mount_path[1024];  // Increased buffer size
                    // Verify buffer has enough space before concatenation
                    size_t mount_len = strlen(mount_path);
                    size_t entry_len = strlen(user_entry->d_name);
                    if (mount_len + entry_len + 2 < sizeof(user_mount_path)) {
                        snprintf(user_mount_path, sizeof(user_mount_path), "%s/%s", mount_path, user_entry->d_name);
                        // Check if this is a readable directory
@@ -2774,6 +2766,7 @@ int detect_otp_thumb_drive(char* otp_drive_path, size_t path_size) {
                            return 1; // Found OTP drive
                        }
                    }
                }
                closedir(user_dir);
            } else if (strcmp(mount_dirs[mount_idx], "/run/media") == 0) {
                // For /run/media, we need to go one level deeper (skip username)
@@ -2787,7 +2780,7 @@ int detect_otp_thumb_drive(char* otp_drive_path, size_t path_size) {
                    // Check if drive name starts with "OTP"
                    if (strncmp(user_entry->d_name, "OTP", 3) != 0) continue;
-                    char user_mount_path[512];
+                    char user_mount_path[2048];  // Increased buffer size
                    snprintf(user_mount_path, sizeof(user_mount_path), "%s/%s", mount_path, user_entry->d_name);
                    // Check if this is a readable directory
@@ -3404,7 +3397,7 @@ int handle_pads_menu(void) {
            pads[pad_count].chksum[64] = '\0';
            // Get pad file size and usage info
-            char full_path[512];
+            char full_path[1024];  // Increased buffer size
            snprintf(full_path, sizeof(full_path), "%s/%s", current_pads_dir, entry->d_name);
            struct stat st;
            if (stat(full_path, &st) == 0) {
Author	SHA1	Message	Date
Laan Tungir	a85c4ed55b	Version v0.2.82 - Fixed final buffer size warning in /run/media path handling	2025-08-14 12:37:28 -04:00
Laan Tungir	a9974c7e87	Version v0.2.81 - Fixed remaining buffer size warnings - increased all preferences buffer sizes to 2048	2025-08-14 12:36:56 -04:00
Laan Tungir	592d54728b	Version v0.2.80 - Fixed compile warnings - increased buffer sizes and added length validation	2025-08-14 12:36:06 -04:00
Laan Tungir	21b3c4de52	Version v0.2.79 - Fixed decrypt output - added newline and flush to ensure proper output	2025-08-14 12:29:23 -04:00
Laan Tungir	3a854c3ccf	Version v0.2.78 - Fixed base64 data parsing - added fallback for data lines without empty separator	2025-08-14 12:24:34 -04:00