Diffstat (limited to '')
-rw-r--r--src/passphrase.c26
-rw-r--r--src/passphrase.h8
2 files changed, 30 insertions, 4 deletions
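diff --git a/src/passphrase.c b/src/passphrase.c
index 86cc54c..2b3da0e 100644
--- a/src/passphrase.c
+++ b/src/passphrase.c
@@ -20,6 +20,7 @@
 #include <stdio.h>
 #include <termios.h>
 #include <unistd.h>
+#include <signal.h>
 #include "passphrase.h"
@@ -43,8 +44,7 @@ static char* xrealloc(char* array, size_t cur_size, size_t new_size)
 if (rc)
 for (i = 0; i < cur_size; i++)
 *(rc + i) = *(array + i);
- for (i = 0; i < cur_size; i++)
- *(array + i) = 0;
+ passphrase_wipe(array, cur_size);
 free(array);
 return rc;
 }
@@ -192,8 +192,7 @@ char* passphrase_read(void)
 n++;
 for (i = point + n; i < len; i++)
 *(rc + i - n) = *(rc + i);
- for (i = len - n; i < len; i++)
- *(rc + i) = 0;
+ passphrase_wipe(rc + len - n, n);
 len -= n;
 n = 0;
 while (cn & 0x80)
@@ -358,6 +357,25 @@ char* passphrase_read(void)
 /* Must positively absolutely not be flagged as possible to optimise away as it depends on configurations,
 and programs that uses this library must not be forced to be recompiled if the library is reconfigured. */
+
+/**
+ * Used to make sure that `passphrase_wipe` is not optimised away even within this library
+ */
+volatile sig_atomic_t passphrase_wipe_volatile = 1;
+
+/**
+ * Forcable write NUL characters to a passphrase
+ *
+ * @param ptr The password to wipe
+ * @param n The number of characters to wipe
+ */
+void passphrase_wipe(char* ptr, size_t n)
+{
+ size_t i;
+ for (i = 0; (i < n) && passphrase_wipe_volatile; i++)
+ *(ptr + i) = 0;
+}
+
 /**
 * Disable echoing and do anything else to the terminal settnings `passphrase_read` requires
 */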
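Review bot: The stores in `passphrase_wipe` are plain writes, so the `passphrase_wipe_volatile` guard forces the loop to run but does not force the stores to reach memory; a compiler is still free to drop them as dead when the buffer is freed immediately afterwards, as in xrealloc's `passphrase_wipe(array, cur_size); free(array);`. Making the store itself volatile pins it portably: add `volatile char* p = ptr;` before the loop and write `*(p + i) = 0;` in its body. Where the platform provides `explicit_bzero` or C11 Annex K `memset_s`, using one of those behind a feature check would be the stronger choice. Separately, `passphrase_wipe_volatile` is a non-static global that the header does not declare, so it becomes part of the library's exported symbols; `static volatile sig_atomic_t` would keep it internal.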
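diff --git a/src/passphrase.h b/src/passphrase.h
index 932b6e5..0731404 100644
--- a/src/passphrase.h
+++ b/src/passphrase.h
@@ -28,6 +28,14 @@
 extern char* passphrase_read(void);
 /**
+ * Forcable write NUL characters to a passphrase
+ *
+ * @param ptr The password to wipe
+ * @param n The number of characters to wipe
+ */
+extern void passphrase_wipe(char* ptr, size_t n) __attribute__((optimize("-O0")));
+
+/**
 * Disable echoing and do anything else to the terminal settnings `passphrase_read` requires
 */
 extern void passphrase_disable_echo(void);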
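Review bot: `__attribute__((optimize("-O0")))` on the `passphrase_wipe` prototype is a GCC extension whose own documentation marks it as unsuitable for production code, and other compilers such as Clang generally ignore it with a warning, so the public header does not give callers a portable guarantee that the wipe survives optimisation. Guarding it, e.g. `#if defined(__GNUC__) && !defined(__clang__)` around the attribute, or dropping it in favour of volatile stores inside the definition, would keep the header usable on every compiler. The new prototype also introduces `size_t` into this header; whether `<stddef.h>` is already included is outside the hunk and worth confirming.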