From 6bae9b2abb8a9d04cf7b38b6d343b305f09fecf3 Mon Sep 17 00:00:00 2001
From: Lucas Werkmeister <mail@lucaswerkmeister.de>
Date: Sun, 15 Jan 2017 05:03:00 +0100
Subject: journalctl: expunge verification key from argv (#5081)

After parsing the --verify-key argument, overwrite it with null bytes.
This minimizes (but does not completely eliminate) the time frame within
which another process on the system can extract the verification key
from the journalctl command line.
---
 src/journal/journalctl.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index ecd1e94a33..73204b3753 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -103,7 +103,7 @@ static const char *arg_directory = NULL;
 static char **arg_file = NULL;
 static bool arg_file_stdin = false;
 static int arg_priorities = 0xFF;
-static const char *arg_verify_key = NULL;
+static char *arg_verify_key = NULL;
 #ifdef HAVE_GCRYPT
 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
 static bool arg_force = false;
@@ -683,8 +683,11 @@ static int parse_argv(int argc, char *argv[]) {
 
                 case ARG_VERIFY_KEY:
                         arg_action = ACTION_VERIFY;
-                        arg_verify_key = optarg;
+                        arg_verify_key = strdup(optarg);
+                        if (!arg_verify_key)
+                                return -ENOMEM;
                         arg_merge = false;
+                        string_erase(optarg);
                         break;
 
                 case ARG_INTERVAL:
@@ -2621,6 +2624,7 @@ finish:
         strv_free(arg_user_units);
 
         free(arg_root);
+        free(arg_verify_key);
 
         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 }
-- 
cgit v1.2.3-54-g00ecf