clear passwords with explicit_bzero
Make sure to explicitly clear memory that is used for password input. memset is often optimized out by the compiler. Brought to attention by the OpenBSD community, see: https://marc.info/?t=146989502600003&r=1&w=2 Thread subject: x11/slock: clear passwords with explicit_bzero Changes: - explicit_bzero.c import from libressl-portable. - Makefile: add COMPATSRC for compatibility src. - config.mk: add separate *BSD section in config.mk to simply uncomment it on these platforms.
parent
65b8d52788
commit
a7afade170
5 changed files with 34 additions and 5 deletions
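--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 
 include config.mk
 
-SRC = slock.c
+SRC = slock.c ${COMPATSRC}
 OBJ = ${SRC:.c=.o}
 
 all: options slock
@@ -35,8 +35,8 @@ clean:
 dist: clean
 @echo creating dist tarball
 @mkdir -p slock-${VERSION}
-@cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \
-slock-${VERSION}
+@cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \
+explicit_bzero.c slock.1 slock-${VERSION}
 @tar -cf slock-${VERSION}.tar slock-${VERSION}
 @gzip slock-${VERSION}.tar
 @rm -rf slock-${VERSION}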
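Review bot: The `dist` recipe in the second hunk copies `explicit_bzero.c` into the tarball but not `util.h`, which this commit makes `slock.c` include, so a tree unpacked from `make dist` would fail to compile. Adding the header to the list fixes that: `explicit_bzero.c util.h slock.1 slock-${VERSION}`. With the default `COMPATSRC = explicit_bzero.c`, `${SRC}` already expands to include `explicit_bzero.c`, so the file is named twice on the `cp` command line. The explicit entry only matters for the *BSD configuration where `COMPATSRC` is empty, and a short comment above the recipe saying so would make that intent clear.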
@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
|
||||||
CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
|
CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
|
||||||
CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
|
CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
|
||||||
LDFLAGS = -s ${LIBS}
|
LDFLAGS = -s ${LIBS}
|
||||||
|
COMPATSRC = explicit_bzero.c
|
||||||
|
|
||||||
# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
|
# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
|
||||||
# On OpenBSD and Darwin remove -lcrypt from LIBS
|
# On OpenBSD and Darwin remove -lcrypt from LIBS
|
||||||
|
#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
|
||||||
|
#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
|
||||||
|
#COMPATSRC =
|
||||||
|
|
||||||
# compiler and linker
|
# compiler and linker
|
||||||
CC = cc
|
CC = cc
|
||||||
|
|
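--- a/explicit_bzero.c
+++ b/explicit_bzero.c
@@ -0,0 +1,19 @@
+/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+* Public domain.
+* Written by Matthew Dempsky.
+*/
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+memset(buf, 0, len);
+__explicit_bzero_hook(buf, len);
+}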
8
slock.c
8
slock.c
|
@ -23,6 +23,8 @@
|
||||||
#include <bsd_auth.h>
|
#include <bsd_auth.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include "util.h"
|
||||||
|
|
||||||
enum {
|
enum {
|
||||||
INIT,
|
INIT,
|
||||||
INPUT,
|
INPUT,
|
||||||
|
@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws)
|
||||||
* timeout. */
|
* timeout. */
|
||||||
while (running && !XNextEvent(dpy, &ev)) {
|
while (running && !XNextEvent(dpy, &ev)) {
|
||||||
if (ev.type == KeyPress) {
|
if (ev.type == KeyPress) {
|
||||||
buf[0] = 0;
|
explicit_bzero(&buf, sizeof(buf));
|
||||||
num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
|
num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
|
||||||
if (IsKeypadKey(ksym)) {
|
if (IsKeypadKey(ksym)) {
|
||||||
if (ksym == XK_KP_Enter)
|
if (ksym == XK_KP_Enter)
|
||||||
|
@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws)
|
||||||
XBell(dpy, 100);
|
XBell(dpy, 100);
|
||||||
failure = True;
|
failure = True;
|
||||||
}
|
}
|
||||||
|
explicit_bzero(&passwd, sizeof(passwd));
|
||||||
len = 0;
|
len = 0;
|
||||||
break;
|
break;
|
||||||
case XK_Escape:
|
case XK_Escape:
|
||||||
|
explicit_bzero(&passwd, sizeof(passwd));
|
||||||
len = 0;
|
len = 0;
|
||||||
break;
|
break;
|
||||||
case XK_BackSpace:
|
case XK_BackSpace:
|
||||||
if (len)
|
if (len)
|
||||||
--len;
|
passwd[len--] = 0;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
|
if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
|
||||||
|
|
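Review bot: The `XK_BackSpace` branch in the third hunk clears the wrong byte: `passwd[len--] = 0;` zeroes the slot one past the last typed character and only then decrements, so the erased character stays in `passwd` until it is overwritten or the buffer is wiped on Return or Escape. Pre-decrementing clears the character that was actually removed: `passwd[--len] = 0;`. The index stays in bounds either way, assuming `len < sizeof(passwd)` holds as the check in the `default:` case suggests. `readpw` starts and ends outside the hunks shown, so the declarations of `buf` and `passwd` are not visible; `explicit_bzero(&buf, sizeof(buf))` and the two `passwd` calls wipe the whole buffer only if both are arrays rather than pointers, and passing `buf` / `passwd` without the `&` would read more conventionally.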
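--- a/util.h
+++ b/util.h
@@ -0,0 +1,2 @@
+#undef explicit_bzero
+void explicit_bzero(void *, size_t);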
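Review bot: `util.h` is not self-contained: the prototype uses `size_t` but the header includes nothing, so it compiles only when the includer has already pulled in a header that defines the type, as `slock.c` does by including it after the system headers. Adding `#include <stddef.h>` at the top, together with an include guard, removes that ordering dependency. A one-line comment on `#undef explicit_bzero` would also help, for example `/* drop any libc macro so the prototype below declares the function used for wiping password buffers */`; that reading of the `#undef` is inferred, since the commit does not state its purpose.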