From c119aa19a9147d104db2f2b5b611604b4f07f6b3 Mon Sep 17 00:00:00 2001
From: Mattias Andrée <maandree@operamail.com>
Date: Fri, 23 May 2014 14:41:04 +0200
Subject: add passphrase_wipe
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée <maandree@operamail.com>
---
 src/passphrase.c | 26 ++++++++++++++++++++++----
 src/passphrase.h |  8 ++++++++
 2 files changed, 30 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/passphrase.c b/src/passphrase.c
index 86cc54c..2b3da0e 100644
--- a/src/passphrase.c
+++ b/src/passphrase.c
@@ -20,6 +20,7 @@
 #include <stdio.h>
 #include <termios.h>
 #include <unistd.h>
+#include <signal.h>
 
 #include "passphrase.h"
 
@@ -43,8 +44,7 @@ static char* xrealloc(char* array, size_t cur_size, size_t new_size)
   if (rc)
     for (i = 0; i < cur_size; i++)
 	*(rc + i) = *(array + i);
-  for (i = 0; i < cur_size; i++)
-    *(array + i) = 0;
+  passphrase_wipe(array, cur_size);
   free(array);
   return rc;
 }
@@ -192,8 +192,7 @@ char* passphrase_read(void)
 		      n++;
 		    for (i = point + n; i < len; i++)
 		      *(rc + i - n) = *(rc + i);
-		    for (i = len - n; i < len; i++)
-		      *(rc + i) = 0;
+		    passphrase_wipe(rc + len - n, n);
 		    len -= n;
 		    n = 0;
 		    while (cn & 0x80)
@@ -358,6 +357,25 @@ char* passphrase_read(void)
 /* Must positively absolutely not be flagged as possible to optimise away as it depends on configurations,
    and programs that uses this library must not be forced to be recompiled if the library is reconfigured. */
 
+
+/**
+ * Used to make sure that `passphrase_wipe` is not optimised away even within this library
+ */
+volatile sig_atomic_t passphrase_wipe_volatile = 1;
+
+/**
+ * Forcable write NUL characters to a passphrase
+ * 
+ * @param  ptr  The password to wipe
+ * @param  n    The number of characters to wipe
+ */
+void passphrase_wipe(char* ptr, size_t n)
+{
+  size_t i;
+  for (i = 0; (i < n) && passphrase_wipe_volatile; i++)
+    *(ptr + i) = 0;
+}
+
 /**
  * Disable echoing and do anything else to the terminal settnings `passphrase_read` requires
  */
diff --git a/src/passphrase.h b/src/passphrase.h
index 932b6e5..0731404 100644
--- a/src/passphrase.h
+++ b/src/passphrase.h
@@ -27,6 +27,14 @@
  */
 extern char* passphrase_read(void);
 
+/**
+ * Forcable write NUL characters to a passphrase
+ * 
+ * @param  ptr  The password to wipe
+ * @param  n    The number of characters to wipe
+ */
+extern void passphrase_wipe(char* ptr, size_t n) __attribute__((optimize("-O0")));
+
 /**
  * Disable echoing and do anything else to the terminal settnings `passphrase_read` requires
  */
-- 
cgit v1.2.3-70-g09d2