tree-wide: whenever we deal with passwords, erase them from memory after use

A bit snake-oilish, but can't hurt.
author: Lennart Poettering <lennart@poettering.net> 2015-10-14 22:40:23 +0200
committer: Lennart Poettering <lennart@poettering.net> 2015-10-19 23:13:07 +0200
commit: 1602b008531ba6e0c704588cb2643daef26b71d9 (patch)
tree: 20cfee002c72138337da1822654af4e9266f4937 /src/shared/ask-password-api.c
parent: 0245cf8167d34e483955b90da7f5d5f154ca57ef (diff)
1 files changed, 14 insertions, 2 deletions
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index f8cf11b297..e35594a5df 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -78,6 +78,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
                 if (n < m)
                         break;
 
+                memory_erase(p, n);
                 free(p);
                 m *= 2;
         }
@@ -86,6 +87,8 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
         if (!l)
                 return -ENOMEM;
 
+        memory_erase(p, n);
+
         *ret = l;
         return 0;
 }
@@ -116,6 +119,7 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa
                 return r;
 
         r = strv_make_nulstr(l, &p, &n);
+        strv_erase(l);
         if (r < 0)
                 return r;
 
@@ -124,6 +128,7 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa
         assert(p[n-1] == 0);
 
         serial = add_key("user", keyname, p, n-1, KEY_SPEC_USER_KEYRING);
+        memory_erase(p, n);
         if (serial == -1)
                 return -errno;
 
@@ -361,9 +366,12 @@ int ask_password_tty(
 
                         dirty = true;
                 }
+
+                c = 'x';
         }
 
         x = strndup(passphrase, p);
+        memory_erase(passphrase, p);
         if (!x) {
                 r = -ENOMEM;
                 goto finish;
@@ -620,6 +628,7 @@ int ask_password_agent(
                                 l = strv_new("", NULL);
                         else
                                 l = strv_parse_nulstr(passphrase+1, n-1);
+                        memory_erase(passphrase, n);
                         if (!l) {
                                 r = -ENOMEM;
                                 goto finish;
@@ -688,9 +697,12 @@ int ask_password_auto(
                 if (r < 0)
                         return r;
 
-                r = strv_consume(&l, s);
-                if (r < 0)
+                r = strv_push(&l, s);
+                if (r < 0) {
+                        string_erase(s);
+                        free(s);
                         return -ENOMEM;
+                }
 
                 *ret = l;
                 return 0;
author	Lennart Poettering <lennart@poettering.net>	2015-10-14 22:40:23 +0200
committer	Lennart Poettering <lennart@poettering.net>	2015-10-19 23:13:07 +0200
commit	1602b008531ba6e0c704588cb2643daef26b71d9 (patch)
tree	20cfee002c72138337da1822654af4e9266f4937 /src/shared/ask-password-api.c
parent	0245cf8167d34e483955b90da7f5d5f154ca57ef (diff)