author | Mattias Andrée <maandree@operamail.com> | 2013-11-22 11:03:34 +0100 |
---|---|---|
committer | Mattias Andrée <maandree@operamail.com> | 2013-11-22 11:03:34 +0100 |
commit | 2b7dd9295829f479feb26b2462fb83a4c6ca30a6 (patch) | |
tree | 87caa2e80efab060a107fdea3b1b4e17d1ce7d5d | |
parent | add option to print * for each char (diff) | |
do not use realloc by default, it is bad security
Signed-off-by: Mattias Andrée <maandree@operamail.com>
-rw-r--r-- | Makefile | 5 | ||||
-rw-r--r-- | src/passphrase.c | 23 |
2 files changed, 24 insertions, 4 deletions
@@ -3,8 +3,9 @@ LIB = /lib
 INCLUDE = /include
 OPTIONS =
-# PASSPHRASE_ECHO: Do not hide the passphrase
-# PASSPHRASE_STAR: Use '*' for each character instead of no echo
+# PASSPHRASE_ECHO: Do not hide the passphrase
+# PASSPHRASE_STAR: Use '*' for each character instead of no echo
+# PASSPHRASE_REALLOC: Soften security by using `realloc`
 OPTIMISE = -Os
 CPPFLAGS = $(foreach D, $(OPTIONS), -D'$(D)=1')
diff --git a/src/passphrase.c b/src/passphrase.c
index 94922e4..ae7ad36 100644
--- a/src/passphrase.c
+++ b/src/passphrase.c
@@ -78,8 +78,27 @@ char* passphrase_read(void)
 #endif
 *(rc + len++) = c;
 if (len == size)
- if ((rc = realloc(rc, (size <<= 1L) * sizeof(char))) == NULL)
- return NULL;
+ {
+#ifndef PASSPHRASE_REALLOC
+ char* rc_2 = malloc((size <<= 1L) * sizeof(char));
+ int i;
+ if (rc_2)
+ {
+ for (i = 0; i < len; i++)
+ *(rc_2 + i) = *(rc + i);
+ }
+ for (i = 0; i < len; i++)
+ *(rc + i) = 0;
+ free(rc);
+ if (rc_2 == NULL)
+ return rc_2;
+ rc = rc_2;
+#else
+ rc = realloc(rc, (size <<= 1L) * sizeof(char));
+ if (rc == NULL)
+ return NULL;
+#endif
+ }
 }
 }
|
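Review bot: The wipe loop in the `#ifndef PASSPHRASE_REALLOC` branch, `for (i = 0; i < len; i++) *(rc + i) = 0;`, is followed directly by `free(rc)`, so it is a dead store that an optimising build may drop, leaving the old passphrase buffer freed unwiped; the Makefile hunk shows the default is `-Os`. Writing through a volatile-qualified pointer keeps the stores in practice: `volatile char* wipe = rc;` with `*(wipe + i) = 0;` in the loop, or a platform primitive such as `explicit_bzero` where available. The `#else` branch assigns the `realloc` result straight to `rc`, so on failure the old buffer is neither wiped nor freed; a comment like `/* realloc may move the data and leave the old block unwiped; on failure the old block is leaked as is */` would document that trade-off. `i` is declared `int` while the declarations of `len` and `size` are outside the hunk, so the loop bound and the `size <<= 1L` doubling should be checked against the full body of `passphrase_read`, which starts and ends outside this hunk.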