nevaforget/moonlock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: audit fixes — blur offset, lock-before-IO, FP signal lifecycle, TOCTOU (v0.6.6)
Update PKGBUILD version / update-pkgver (push) Successful in 2s
Details

Browse Source 
Third triple audit (quality, performance, security). Key fixes:
- Blur padding offset: texture at (-pad,-pad) prevents edge darkening on all sides
- Wallpaper loads after lock.lock() — disk I/O no longer delays lock acquisition
- begin_verification disconnects old signal handler before registering new one
- resume_async resets failed_attempts to prevent premature exhaustion
- Unknown VerifyStatus with done=true triggers restart instead of hanging
- symlink_metadata() replaces separate is_file()+is_symlink() (TOCTOU)
- faillock_warning dead code removed, blur sigma clamped to [0,100]
- Redundant Zeroizing<Vec<u8>> removed, on_verify_status restricted to pub(crate)
- Warn logging for non-UTF-8 GECOS and avatar path errors
- Default impl for FingerprintListener, 3 new tests (47 total)
This commit is contained in:
nevaforget
2026-03-30 13:09:02 +02:00
parent 65ea523b36
commit 1d8921abee
10 changed files with 116 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/lockscreen.rs
+12 -3
View File
@@ -609,7 +609,7 @@ fn render_blurred_texture(
snapshot.push_clip(&graphene::Rect::new(pad, pad, w, h));
snapshot.push_blur(scaled_sigma as f64);
// Render texture with padding on all sides (edges repeat via oversized bounds)
snapshot.append_texture(texture, &graphene::Rect::new(0.0, 0.0, w + 2.0 * pad, h + 2.0 * pad));
snapshot.append_texture(texture, &graphene::Rect::new(-pad, -pad, w + 2.0 * pad, h + 2.0 * pad));
snapshot.pop(); // blur
snapshot.pop(); // clip
@@ -624,13 +624,22 @@ fn set_avatar_from_file(
path: &Path,
cache: &Rc<RefCell<Option<gdk::Texture>>>,
) {
match Pixbuf::from_file_at_scale(path.to_str().unwrap_or(""), AVATAR_SIZE, AVATAR_SIZE, true) {
let path_str = match path.to_str() {
Some(s) => s,
None => {
log::warn!("Avatar path is not valid UTF-8: {:?}", path);
image.set_icon_name(Some("avatar-default-symbolic"));
return;
}
};
match Pixbuf::from_file_at_scale(path_str, AVATAR_SIZE, AVATAR_SIZE, true) {
Ok(pixbuf) => {
let texture = gdk::Texture::for_pixbuf(&pixbuf);
image.set_paintable(Some(&texture));
*cache.borrow_mut() = Some(texture);
}
Err(_) => {
Err(e) => {
log::warn!("Failed to load avatar from {:?}: {e}", path);
image.set_icon_name(Some("avatar-default-symbolic"));
}
}