clear passwords with explicit_bzero

Make sure to explicitly clear memory that is used for password input. memset is often optimized out by the compiler. Brought to attention by the OpenBSD community, see: https://marc.info/?t=146989502600003&r=1&w=2 Thread subject: x11/slock: clear passwords with explicit_bzero Changes: - explicit_bzero.c import from libressl-portable. - Makefile: add COMPATSRC for compatibility src. - config.mk: add separate *BSD section in config.mk to simply uncomment it on these platforms.
2016-07-31 13:43:00 +02:00
parent 65b8d52788
commit a7afade170
5 changed files with 34 additions and 5 deletions
--- a/slock.c
+++ b/slock.c
@@ -23,6 +23,8 @@
 #include <bsd_auth.h>
 #endif

+#include "util.h"
+
 enum {
 	INIT,
 	INPUT,
@@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws)
 	 * timeout. */
 	while (running && !XNextEvent(dpy, &ev)) {
 		if (ev.type == KeyPress) {
-			buf[0] = 0;
+			explicit_bzero(&buf, sizeof(buf));
 			num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
 			if (IsKeypadKey(ksym)) {
 				if (ksym == XK_KP_Enter)
@@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws)
 					XBell(dpy, 100);
 					failure = True;
 				}
+				explicit_bzero(&passwd, sizeof(passwd));
 				len = 0;
 				break;
 			case XK_Escape:
+				explicit_bzero(&passwd, sizeof(passwd));
 				len = 0;
 				break;
 			case XK_BackSpace:
 				if (len)
-					--len;
+					passwd[len--] = 0;
 				break;
 			default:
 				if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {