From 1602b008531ba6e0c704588cb2643daef26b71d9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 14 Oct 2015 22:40:23 +0200
Subject: tree-wide: whenever we deal with passwords, erase them from memory after use

A bit snake-oilish, but can't hurt.
---
src/basic/util.c | 18 ++++++++++++++++++
src/basic/util.h | 4 ++++
2 files changed, 22 insertions(+)
(limited to 'src/basic')
diff --git a/src/basic/util.c b/src/basic/util.c
index 2565b0f547..f24db9796e 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -6805,3 +6805,21 @@ bool fdname_is_valid(const char *s) {
 bool oom_score_adjust_is_valid(int oa) {
 return oa >= OOM_SCORE_ADJ_MIN && oa <= OOM_SCORE_ADJ_MAX;
 }
+
+void string_erase(char *x) {
+
+ if (!x)
+ return;
+
+ /* A delicious drop of snake-oil! To be called on memory where
+ * we stored passphrases or so, after we used them. */
+
+ memory_erase(x, strlen(x));
+}
+
+void strv_erase(char **l) {
+ char **i;
+
+ STRV_FOREACH(i, l)
+ string_erase(*i);
+}
diff --git a/src/basic/util.h b/src/basic/util.h
index 6c63bc221f..b1c64675e0 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -943,3 +943,7 @@ int version(void);
 bool fdname_is_valid(const char *s);
 bool oom_score_adjust_is_valid(int oa);
+
+#define memory_erase(p, l) memset((p), 'x', (l))
+void string_erase(char *x);
+void strv_erase(char **l);
-- cgit v1.2.3-54-g00ecf
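Review bot: `string_erase()` overwrites only `strlen(x)` bytes, so anything stored past the first NUL (for example the tail of a longer passphrase left in a reused or truncated buffer) stays in memory, and the run of 'x' that remains still shows how long the passphrase was. The function comment should state that limit and point callers that know the allocation size at `memory_erase(buf, size)` for the whole buffer, e.g. `/* Only wipes up to the first NUL; if the buffer size is known, erase the full buffer instead. */`. `strv_erase()` hands `l` straight to `STRV_FOREACH`, whose definition is outside this hunk, so it is worth confirming the macro tolerates a NULL vector the same way `string_erase()` tolerates a NULL string.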
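Review bot: `memory_erase()` in util.h expands to a plain `memset()`, which the optimizer may remove as a dead store when the buffer is freed or goes out of scope right after the call. That is the normal situation for a passphrase wipe, so in optimized builds the erase may not happen at all. Turning the macro into a real function in util.c that follows the fill with a compiler barrier, `memset(p, 'x', l); __asm__ __volatile__("" : : "r" (p) : "memory");`, or calling `explicit_bzero()` where the libc provides it, keeps the store from being elided. Whichever form is chosen, a one-line comment such as `/* Must not be optimized away: callers free the buffer right after. */` records why a bare `memset()` is not enough.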