diff options
Diffstat (limited to 'src/shared/ask-password-api.c')
| -rw-r--r-- | src/shared/ask-password-api.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index f8cf11b297..e35594a5df 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -78,6 +78,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) { if (n < m) break; + memory_erase(p, n); free(p); m *= 2; } @@ -86,6 +87,8 @@ static int retrieve_key(key_serial_t serial, char ***ret) { if (!l) return -ENOMEM; + memory_erase(p, n); + *ret = l; return 0; } @@ -116,6 +119,7 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa return r; r = strv_make_nulstr(l, &p, &n); + strv_erase(l); if (r < 0) return r; @@ -124,6 +128,7 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa assert(p[n-1] == 0); serial = add_key("user", keyname, p, n-1, KEY_SPEC_USER_KEYRING); + memory_erase(p, n); if (serial == -1) return -errno; @@ -361,9 +366,12 @@ int ask_password_tty( dirty = true; } + + c = 'x'; } x = strndup(passphrase, p); + memory_erase(passphrase, p); if (!x) { r = -ENOMEM; goto finish; @@ -620,6 +628,7 @@ int ask_password_agent( l = strv_new("", NULL); else l = strv_parse_nulstr(passphrase+1, n-1); + memory_erase(passphrase, n); if (!l) { r = -ENOMEM; goto finish; @@ -688,9 +697,12 @@ int ask_password_auto( if (r < 0) return r; - r = strv_consume(&l, s); - if (r < 0) + r = strv_push(&l, s); + if (r < 0) { + string_erase(s); + free(s); return -ENOMEM; + } *ret = l; return 0; |