summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/ask-password/ask-password.c4
-rw-r--r--src/basic/strv.c9
-rw-r--r--src/basic/strv.h4
-rw-r--r--src/basic/util.c9
-rw-r--r--src/basic/util.h5
-rw-r--r--src/cryptsetup/cryptsetup.c40
-rw-r--r--src/firstboot/firstboot.c9
-rw-r--r--src/shared/ask-password-api.c3
-rw-r--r--src/tty-ask-password-agent/tty-ask-password-agent.c8
9 files changed, 43 insertions, 48 deletions
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index 89a49c2e86..a544866000 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -144,7 +144,7 @@ static int parse_argv(int argc, char *argv[]) {
}
int main(int argc, char *argv[]) {
- _cleanup_strv_free_ char **l = NULL;
+ _cleanup_strv_free_erase_ char **l = NULL;
usec_t timeout;
char **p;
int r;
@@ -174,8 +174,6 @@ int main(int argc, char *argv[]) {
break;
}
- strv_erase(l);
-
finish:
free(arg_message);
diff --git a/src/basic/strv.c b/src/basic/strv.c
index b66c176487..501d022cb9 100644
--- a/src/basic/strv.c
+++ b/src/basic/strv.c
@@ -86,6 +86,15 @@ char **strv_free(char **l) {
return NULL;
}
+char **strv_free_erase(char **l) {
+ char **i;
+
+ STRV_FOREACH(i, l)
+ string_erase(*i);
+
+ return strv_free(l);
+}
+
char **strv_copy(char * const *l) {
char **r, **k;
diff --git a/src/basic/strv.h b/src/basic/strv.h
index e49f443835..a5dc696a87 100644
--- a/src/basic/strv.h
+++ b/src/basic/strv.h
@@ -35,6 +35,10 @@ char **strv_free(char **l);
DEFINE_TRIVIAL_CLEANUP_FUNC(char**, strv_free);
#define _cleanup_strv_free_ _cleanup_(strv_freep)
+char **strv_free_erase(char **l);
+DEFINE_TRIVIAL_CLEANUP_FUNC(char**, strv_free_erase);
+#define _cleanup_strv_free_erase_ _cleanup_(strv_free_erasep)
+
void strv_clear(char **l);
char **strv_copy(char * const *l);
diff --git a/src/basic/util.c b/src/basic/util.c
index f24db9796e..a14ed2e4cc 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -6817,9 +6817,10 @@ void string_erase(char *x) {
memory_erase(x, strlen(x));
}
-void strv_erase(char **l) {
- char **i;
+char *string_free_erase(char *s) {
+ if (!s)
+ return NULL;
- STRV_FOREACH(i, l)
- string_erase(*i);
+ string_erase(s);
+ return mfree(s);
}
diff --git a/src/basic/util.h b/src/basic/util.h
index b1c64675e0..4b1c5878c5 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -946,4 +946,7 @@ bool oom_score_adjust_is_valid(int oa);
#define memory_erase(p, l) memset((p), 'x', (l))
void string_erase(char *x);
-void strv_erase(char **l);
+
+char *string_free_erase(char *s);
+DEFINE_TRIVIAL_CLEANUP_FUNC(char *, string_free_erase);
+#define _cleanup_string_free_erase_ _cleanup_(string_free_erasep)
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index c9be17446b..ecc1273eec 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -314,7 +314,7 @@ static char *disk_mount_point(const char *label) {
static int get_password(const char *vol, const char *src, usec_t until, bool accept_cached, char ***ret) {
_cleanup_free_ char *description = NULL, *name_buffer = NULL, *mount_point = NULL, *maj_min = NULL, *text = NULL, *escaped_name = NULL;
- _cleanup_strv_free_ char **passwords = NULL, **passwords2 = NULL;
+ _cleanup_strv_free_erase_ char **passwords = NULL;
const char *name = NULL;
char **p, *id;
int r = 0;
@@ -361,32 +361,31 @@ static int get_password(const char *vol, const char *src, usec_t until, bool acc
id = strjoina("cryptsetup:", escaped_name);
- r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until, ASK_PASSWORD_PUSH_CACHE|(accept_cached ? ASK_PASSWORD_ACCEPT_CACHED : 0), &passwords);
+ r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until,
+ ASK_PASSWORD_PUSH_CACHE | (accept_cached*ASK_PASSWORD_ACCEPT_CACHED),
+ &passwords);
if (r < 0)
return log_error_errno(r, "Failed to query password: %m");
if (arg_verify) {
+ _cleanup_strv_free_erase_ char **passwords2 = NULL;
+
assert(strv_length(passwords) == 1);
- if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0) {
- r = log_oom();
- goto finish;
- }
+ if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0)
+ return log_oom();
id = strjoina("cryptsetup-verification:", escaped_name);
r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until, ASK_PASSWORD_PUSH_CACHE, &passwords2);
- if (r < 0) {
- log_error_errno(r, "Failed to query verification password: %m");
- goto finish;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to query verification password: %m");
assert(strv_length(passwords2) == 1);
if (!streq(passwords[0], passwords2[0])) {
log_warning("Passwords did not match, retrying.");
- r = -EAGAIN;
- goto finish;
+ return -EAGAIN;
}
}
@@ -400,10 +399,8 @@ static int get_password(const char *vol, const char *src, usec_t until, bool acc
/* Pad password if necessary */
c = new(char, arg_key_size);
- if (!c) {
- r = -ENOMEM;
- goto finish;
- }
+ if (!c)
+ return log_oom();
strncpy(c, *p, arg_key_size);
free(*p);
@@ -413,13 +410,7 @@ static int get_password(const char *vol, const char *src, usec_t until, bool acc
*ret = passwords;
passwords = NULL;
- r = 0;
-
-finish:
- strv_erase(passwords);
- strv_erase(passwords2);
-
- return r;
+ return 0;
}
static int attach_tcrypt(
@@ -683,7 +674,7 @@ int main(int argc, char *argv[]) {
}
for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
- _cleanup_strv_free_ char **passwords = NULL;
+ _cleanup_strv_free_erase_ char **passwords = NULL;
if (!key_file) {
k = get_password(argv[2], argv[3], until, tries == 0 && !arg_verify, &passwords);
@@ -702,7 +693,6 @@ int main(int argc, char *argv[]) {
arg_header ? argv[3] : NULL,
passwords,
flags);
- strv_erase(passwords);
if (k >= 0)
break;
else if (k == -EAGAIN) {
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index da247fbef8..82ebb91788 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -455,7 +455,7 @@ static int prompt_root_password(void) {
msg2 = strjoina(draw_special_char(DRAW_TRIANGULAR_BULLET), " Please enter new root password again: ");
for (;;) {
- _cleanup_free_ char *a = NULL, *b = NULL;
+ _cleanup_string_free_erase_ char *a = NULL, *b = NULL;
r = ask_password_tty(msg1, NULL, 0, 0, NULL, &a);
if (r < 0)
@@ -467,19 +467,14 @@ static int prompt_root_password(void) {
}
r = ask_password_tty(msg2, NULL, 0, 0, NULL, &b);
- if (r < 0) {
- string_erase(a);
+ if (r < 0)
return log_error_errno(r, "Failed to query root password: %m");
- }
if (!streq(a, b)) {
log_error("Entered passwords did not match, please try again.");
- string_erase(a);
- string_erase(b);
continue;
}
- string_erase(b);
arg_root_password = a;
a = NULL;
break;
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index e35594a5df..ddf42f11e1 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -94,7 +94,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
}
static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **passwords) {
- _cleanup_strv_free_ char **l = NULL;
+ _cleanup_strv_free_erase_ char **l = NULL;
_cleanup_free_ char *p = NULL;
key_serial_t serial;
size_t n;
@@ -119,7 +119,6 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa
return r;
r = strv_make_nulstr(l, &p, &n);
- strv_erase(l);
if (r < 0)
return r;
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index 7a5ac9fa9c..8423364046 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -307,7 +307,7 @@ static int parse_password(const char *filename, char **wall) {
}
if (arg_plymouth) {
- _cleanup_strv_free_ char **passwords = NULL;
+ _cleanup_strv_free_erase_ char **passwords = NULL;
r = ask_password_plymouth(message, not_after, accept_cached ? ASK_PASSWORD_ACCEPT_CACHED : 0, filename, &passwords);
if (r >= 0) {
@@ -330,10 +330,8 @@ static int parse_password(const char *filename, char **wall) {
}
}
- strv_erase(passwords);
-
} else {
- _cleanup_free_ char *password = NULL;
+ _cleanup_string_free_erase_ char *password = NULL;
int tty_fd = -1;
if (arg_console) {
@@ -363,8 +361,6 @@ static int parse_password(const char *filename, char **wall) {
strcpy(packet + 1, password);
}
}
-
- string_erase(password);
}
if (IN_SET(r, -ETIME, -ENOENT)) {