clear passwords with explicit_bzero

Make sure to explicitly clear memory that is used for password input. memset
is often optimized out by the compiler.

Brought to attention by the OpenBSD community, see:
https://marc.info/?t=146989502600003&r=1&w=2
Thread subject: x11/slock: clear passwords with explicit_bzero

Changes:

- explicit_bzero.c import from libressl-portable.
- Makefile: add COMPATSRC for compatibility src.
- config.mk: add a separate *BSD section that can simply be uncommented on
  these platforms.
Hiltjo Posthuma 2016-07-31 13:43:00 +02:00
parent 65b8d52788
commit a7afade170
5 changed files with 34 additions and 5 deletions


@ -3,7 +3,7 @@
include config.mk include config.mk
SRC = slock.c SRC = slock.c ${COMPATSRC}
OBJ = ${SRC:.c=.o} OBJ = ${SRC:.c=.o}
all: options slock all: options slock
@ -35,8 +35,8 @@ clean:
dist: clean dist: clean
@echo creating dist tarball @echo creating dist tarball
@mkdir -p slock-${VERSION} @mkdir -p slock-${VERSION}
@cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \ @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \
slock-${VERSION} explicit_bzero.c slock.1 slock-${VERSION}
@tar -cf slock-${VERSION}.tar slock-${VERSION} @tar -cf slock-${VERSION}.tar slock-${VERSION}
@gzip slock-${VERSION}.tar @gzip slock-${VERSION}.tar
@rm -rf slock-${VERSION} @rm -rf slock-${VERSION}
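Review bot: The `dist` recipe now copies `explicit_bzero.c` into the tarball but not the new `util.h`, which slock.c includes in this same commit, so a tree unpacked from the tarball would fail to compile. Add it to the copy list, e.g. `explicit_bzero.c util.h slock.1 slock-${VERSION}`. Where `COMPATSRC` is left at `explicit_bzero.c`, that file is also named twice on the `cp` line (once through `${SRC}`); this is harmless, but some cp implementations warn about it.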


@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS} CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
LDFLAGS = -s ${LIBS} LDFLAGS = -s ${LIBS}
COMPATSRC = explicit_bzero.c
# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
# On OpenBSD and Darwin remove -lcrypt from LIBS # On OpenBSD and Darwin remove -lcrypt from LIBS
#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
#COMPATSRC =
# compiler and linker # compiler and linker
CC = cc CC = cc
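Review bot: The commented-out `#COMPATSRC =` line sits in one block meant for all *BSD, but emptying it is only correct where libc itself provides explicit_bzero(); anywhere else the link fails with an undefined symbol. The existing hint above it also groups Darwin with OpenBSD for `-lcrypt`, so a user may uncomment the whole block there too. A comment on the block would state the condition, for example `# Uncomment on *BSD; keep COMPATSRC = explicit_bzero.c unless libc provides explicit_bzero()`. Which platforms' libc has the function is not shown on this page, so the wording should be checked per platform.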

19
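--- /dev/null
+++ b/explicit_bzero.c
@@ -0,0 +1,19 @@
+/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+* Public domain.
+* Written by Matthew Dempsky.
+*/
+#include <string.h>
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+void
+explicit_bzero(void *buf, size_t len)
+{
+memset(buf, 0, len);
+__explicit_bzero_hook(buf, len);
+}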


@ -23,6 +23,8 @@
#include <bsd_auth.h> #include <bsd_auth.h>
#endif #endif
#include "util.h"
enum { enum {
INIT, INIT,
INPUT, INPUT,
@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws)
* timeout. */ * timeout. */
while (running && !XNextEvent(dpy, &ev)) { while (running && !XNextEvent(dpy, &ev)) {
if (ev.type == KeyPress) { if (ev.type == KeyPress) {
buf[0] = 0; explicit_bzero(&buf, sizeof(buf));
num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0); num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
if (IsKeypadKey(ksym)) { if (IsKeypadKey(ksym)) {
if (ksym == XK_KP_Enter) if (ksym == XK_KP_Enter)
@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws)
XBell(dpy, 100); XBell(dpy, 100);
failure = True; failure = True;
} }
explicit_bzero(&passwd, sizeof(passwd));
len = 0; len = 0;
break; break;
case XK_Escape: case XK_Escape:
explicit_bzero(&passwd, sizeof(passwd));
len = 0; len = 0;
break; break;
case XK_BackSpace: case XK_BackSpace:
if (len) if (len)
--len; passwd[len--] = 0;
break; break;
default: default:
if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) { if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
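Review bot: In the `XK_BackSpace` case, `passwd[len--] = 0;` zeroes the byte at index `len` and only then decrements, so the character being deleted is not the one cleared. If `len` counts the characters stored so far, as the `len + num < sizeof(passwd)` bound in the `default` case suggests, the byte at `len - 1` stays in the buffer until the next full wipe. Pre-decrementing clears the right byte: `passwd[--len] = 0;`. Separately, the `explicit_bzero(&buf, sizeof(buf))` at the top of the loop wipes the keystroke buffer only when the next KeyPress arrives. readpw() starts and ends outside these hunks, so whether `buf` and `passwd` are also wiped when the loop exits cannot be confirmed here.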

2
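--- /dev/null
+++ b/util.h
@@ -0,0 +1,2 @@
+#undef explicit_bzero
+void explicit_bzero(void *, size_t);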
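Review bot: util.h uses `size_t` in the prototype but includes nothing itself, so it compiles only when an earlier header has already defined `size_t`; slock.c happens to include it after the system headers. Adding `#include <stddef.h>` at the top makes the header self-contained, and an include guard would be cheap. A short comment on `#undef explicit_bzero` would also help, e.g. `/* drop any macro form of the name from system headers before declaring it */`, if that is indeed the intent, which the page does not state.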