do not use realloc by default, it is bad security

Signed-off-by: Mattias Andrée <maandree@operamail.com>

2 files changed, 24 insertions, 4 deletions

diff --git a/Makefile b/Makefile
index 7854a06..5259633 100644
--- a/Makefile
+++ b/Makefile
@@ -3,8 +3,9 @@ LIB = /lib
 INCLUDE = /include
 
 OPTIONS = 
-# PASSPHRASE_ECHO: Do not hide the passphrase
-# PASSPHRASE_STAR: Use '*' for each character instead of no echo
+# PASSPHRASE_ECHO:    Do not hide the passphrase
+# PASSPHRASE_STAR:    Use '*' for each character instead of no echo
+# PASSPHRASE_REALLOC: Soften security by using `realloc`
 
 OPTIMISE = -Os
 CPPFLAGS = $(foreach D, $(OPTIONS), -D'$(D)=1')
diff --git a/src/passphrase.c b/src/passphrase.c
index 94922e4..ae7ad36 100644
--- a/src/passphrase.c
+++ b/src/passphrase.c
@@ -78,8 +78,27 @@ char* passphrase_read(void)
 #endif
 	  *(rc + len++) = c;
 	  if (len == size)
-	    if ((rc = realloc(rc, (size <<= 1L) * sizeof(char))) == NULL)
-	      return NULL;
+	    {
+#ifndef PASSPHRASE_REALLOC
+	      char* rc_2 = malloc((size <<= 1L) * sizeof(char));
+	      int i;
+	      if (rc_2)
+		{
+		  for (i = 0; i < len; i++)
+		    *(rc_2 + i) = *(rc + i);
+		}
+	      for (i = 0; i < len; i++)
+		*(rc + i) = 0;
+	      free(rc);
+	      if (rc_2 == NULL)
+		return rc_2;
+	      rc = rc_2;
+#else
+	      rc = realloc(rc, (size <<= 1L) * sizeof(char));
+	      if (rc == NULL)
+		return NULL;
+#endif
+	    }
 	}
     }