authorMattias Andrée <maandree@operamail.com>2014-05-23 14:41:04 +0200
committerMattias Andrée <maandree@operamail.com>2014-05-23 14:41:04 +0200
commitc119aa19a9147d104db2f2b5b611604b4f07f6b3 (patch)
tree0174a5f706d6447d1152b6e06d248c32ad699c6c
parentfix warnings (diff)
add passphrase_wipe
Signed-off-by: Mattias Andrée <maandree@operamail.com>
-rw-r--r--src/passphrase.c26
-rw-r--r--src/passphrase.h8
2 files changed, 30 insertions, 4 deletions
diff --git a/src/passphrase.c b/src/passphrase.c
index 86cc54c..2b3da0e 100644
--- a/src/passphrase.c
+++ b/src/passphrase.c
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <termios.h>
#include <unistd.h>
+#include <signal.h>
#include "passphrase.h"
@@ -43,8 +44,7 @@ static char* xrealloc(char* array, size_t cur_size, size_t new_size)
if (rc)
for (i = 0; i < cur_size; i++)
*(rc + i) = *(array + i);
- for (i = 0; i < cur_size; i++)
- *(array + i) = 0;
+ passphrase_wipe(array, cur_size);
free(array);
return rc;
}
@@ -192,8 +192,7 @@ char* passphrase_read(void)
n++;
for (i = point + n; i < len; i++)
*(rc + i - n) = *(rc + i);
- for (i = len - n; i < len; i++)
- *(rc + i) = 0;
+ passphrase_wipe(rc + len - n, n);
len -= n;
n = 0;
while (cn & 0x80)
@@ -358,6 +357,25 @@ char* passphrase_read(void)
/* Must positively absolutely not be flagged as possible to optimise away as it depends on configurations,
and programs that uses this library must not be forced to be recompiled if the library is reconfigured. */
+
+/**
+ * Used to make sure that `passphrase_wipe` is not optimised away even within this library
+ */
+volatile sig_atomic_t passphrase_wipe_volatile = 1;
+
+/**
+ * Forcable write NUL characters to a passphrase
+ *
+ * @param ptr The password to wipe
+ * @param n The number of characters to wipe
+ */
+void passphrase_wipe(char* ptr, size_t n)
+{
+ size_t i;
+ for (i = 0; (i < n) && passphrase_wipe_volatile; i++)
+ *(ptr + i) = 0;
+}
+
/**
* Disable echoing and do anything else to the terminal settnings `passphrase_read` requires
*/
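Review bot: The volatile flag in the loop condition forces the read of `passphrase_wipe_volatile` on each iteration, but the stores on the line `*(ptr + i) = 0;` go through an ordinary `char*`, so a compiler that can see the memory is dead afterwards is still free to drop them as dead stores; the `xrealloc` hunk is exactly that case, since `free(array)` follows the wipe immediately and both functions live in the same translation unit. Writing through a volatile-qualified pointer makes the stores themselves observable: add `volatile char* p = ptr;` before the loop and change the body to `*(p + i) = 0;`. With that in place the flag variable is presumably redundant, though keeping it is harmless. The doc comment reads better as "Forcibly write NUL characters to a passphrase", and it is worth stating there that the caller must pass the buffer's actual length, since the function does not look for a terminator.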
diff --git a/src/passphrase.h b/src/passphrase.h
index 932b6e5..0731404 100644
--- a/src/passphrase.h
+++ b/src/passphrase.h
@@ -28,6 +28,14 @@
extern char* passphrase_read(void);
/**
+ * Forcable write NUL characters to a passphrase
+ *
+ * @param ptr The password to wipe
+ * @param n The number of characters to wipe
+ */
+extern void passphrase_wipe(char* ptr, size_t n) __attribute__((optimize("-O0")));
+
+/**
* Disable echoing and do anything else to the terminal settnings `passphrase_read` requires
*/
extern void passphrase_disable_echo(void);
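Review bot: The `__attribute__((optimize("-O0")))` on the new declaration is a GCC extension, so any non-GCC consumer of this public header will fail to parse it unless it is wrapped in a `#ifdef __GNUC__` guard or a macro; GCC's own documentation also describes the `optimize` attribute as intended for debugging rather than production code, and it does not by itself guarantee that stores to a buffer freed right after the call survive. The wipe should not depend on the attribute at all — making the stores volatile in the definition is the portable approach, after which this attribute can be dropped. Separately, this is the first use of `size_t` visible in this header; if passphrase.h does not already include `<stddef.h>`, add it so the header stays self-contained for callers that include nothing else first.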