From 681f1e43afe9fdbc5c253ff603bcd9af447e7eb9 Mon Sep 17 00:00:00 2001
From: Mattias Andrée
Date: Fri, 23 May 2014 14:51:28 +0200
Subject: forcable wipe the passphrase
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mattias Andrée
---
 src/cerberus.c | 36 +++++++++++++++++++++++++++++-------
 src/cerberus.h | 2 ++
 2 files changed, 31 insertions(+), 7 deletions(-)
(limited to 'src')
diff --git a/src/cerberus.c b/src/cerberus.c
index a67a9ef..c70fb70 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -18,6 +18,8 @@
 */
 #include "cerberus.h"
+#include
+
 /* TODO use log */
@@ -253,13 +255,7 @@ void do_login(int argc, char** argv)
 alarm(0);
 /* Wipe and free the passphrase from the memory */
- if (passphrase)
- {
- long i;
- for (i = 0; *(passphrase + i); i++)
- *(passphrase + i) = 0;
- free(passphrase);
- }
+ destroy_passphrase();
 /* Reset terminal settings */
 passphrase_reenable_echo();
@@ -340,3 +336,29 @@ char* read_passphrase(void)
 }
 #endif
+
+# pragma GCC optimize "-O0"
+
+
+/**
+ * Wipe and free the passphrase if it is allocated
+ */
+void destroy_passphrase(void)
+{
+ if (passphrase)
+ {
+ passphrase_wipe(passphrase, strlen(passphrase));
+ free(passphrase);
+ passphrase = NULL;
+ }
+}
+
+
+/**
+ * Wipe the passphrase when the program exits
+ */
+static __attribute__((destructor)) void passphrase_destructor(void)
+{
+ destroy_passphrase();
+}
+
diff --git a/src/cerberus.h b/src/cerberus.h
index cabc0e9..4737a97 100644
--- a/src/cerberus.h
+++ b/src/cerberus.h
@@ -59,6 +59,8 @@ char* read_passphrase(void);
 #define read_passphrase NULL
 #endif
+void destroy_passphrase(void) __attribute__((optimize("-O0")));
+
 #endif
-- cgit v1.2.3-70-g09d2
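Review bot: The guarantee that the wipe survives compilation rests on `# pragma GCC optimize "-O0"` in the last src/cerberus.c hunk and on `__attribute__((optimize("-O0")))` in the src/cerberus.h hunk. Both are GCC-specific, GCC's own documentation describes the optimize attribute as a debugging aid rather than something for production code, and neither affects the body of `passphrase_wipe`, which is not defined on this page. The pragma also applies to every function that follows it in the file, so it deserves a comment such as `/* keep at end of file: disables optimisation for everything below */`; a wipe primitive the compiler may not elide (for example `explicit_bzero` where the libc provides it, or stores through a `volatile char *`) would not depend on the optimisation level at all. Separately, `passphrase_wipe(passphrase, strlen(passphrase))` clears only up to the first NUL, so any bytes the allocation holds beyond the terminator are freed unwiped; if the reader tracks the allocated size, that is the length to pass. `passphrase_destructor` runs only on a normal exit, not on `_exit`, `abort` or a fatal signal, which its doc comment should state.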