authorMattias Andrée <maandree@operamail.com>2013-11-22 11:03:34 +0100
committerMattias Andrée <maandree@operamail.com>2013-11-22 11:03:34 +0100
commit2b7dd9295829f479feb26b2462fb83a4c6ca30a6 (patch)
tree87caa2e80efab060a107fdea3b1b4e17d1ce7d5d
parentadd option to print * for each char (diff)
do not use realloc by default, it is bad security
Signed-off-by: Mattias Andrée <maandree@operamail.com>
-rw-r--r--Makefile5
-rw-r--r--src/passphrase.c23
2 files changed, 24 insertions, 4 deletions
diff --git a/Makefile b/Makefile
index 7854a06..5259633 100644
--- a/Makefile
+++ b/Makefile
@@ -3,8 +3,9 @@ LIB = /lib
INCLUDE = /include
OPTIONS =
-# PASSPHRASE_ECHO: Do not hide the passphrase
-# PASSPHRASE_STAR: Use '*' for each character instead of no echo
+# PASSPHRASE_ECHO: Do not hide the passphrase
+# PASSPHRASE_STAR: Use '*' for each character instead of no echo
+# PASSPHRASE_REALLOC: Soften security by using `realloc`
OPTIMISE = -Os
CPPFLAGS = $(foreach D, $(OPTIONS), -D'$(D)=1')
diff --git a/src/passphrase.c b/src/passphrase.c
index 94922e4..ae7ad36 100644
--- a/src/passphrase.c
+++ b/src/passphrase.c
@@ -78,8 +78,27 @@ char* passphrase_read(void)
#endif
*(rc + len++) = c;
if (len == size)
- if ((rc = realloc(rc, (size <<= 1L) * sizeof(char))) == NULL)
- return NULL;
+ {
+#ifndef PASSPHRASE_REALLOC
+ char* rc_2 = malloc((size <<= 1L) * sizeof(char));
+ int i;
+ if (rc_2)
+ {
+ for (i = 0; i < len; i++)
+ *(rc_2 + i) = *(rc + i);
+ }
+ for (i = 0; i < len; i++)
+ *(rc + i) = 0;
+ free(rc);
+ if (rc_2 == NULL)
+ return rc_2;
+ rc = rc_2;
+#else
+ rc = realloc(rc, (size <<= 1L) * sizeof(char));
+ if (rc == NULL)
+ return NULL;
+#endif
+ }
}
}
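Review bot: The zeroing loop just before `free(rc)` in the `#ifndef PASSPHRASE_REALLOC` branch is a dead store that the compiler is allowed to drop, and the Makefile builds with `-Os`, so the old buffer may be handed back to the allocator with the passphrase still in it. Writing through a volatile pointer keeps the stores, `volatile char *wipe = rc;` followed by `for (i = 0; i < len; i++) wipe[i] = 0;`, or use `explicit_bzero(rc, len)` where the libc provides it. The `#else` branch still overwrites `rc` with the result of `realloc`, so on failure the old buffer is neither wiped nor freed; a comment there saying so would make the trade-off of `PASSPHRASE_REALLOC` explicit. `len` and `size` are declared outside the hunk, as is the start of `passphrase_read`, so whether `int i` matches the type of `len` and whether `size <<= 1L` can wrap cannot be confirmed from here.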