Make sure to explicitly clear memory that is used for password input. memset
is often optimized out by the compiler.
Brought to attention by the OpenBSD community, see:
https://marc.info/?t=
146989502600003&r=1&w=2
Thread subject: x11/slock: clear passwords with explicit_bzero
Changes:
- explicit_bzero.c import from libressl-portable.
- Makefile: add COMPATSRC for compatibility src.
- config.mk: add separate *BSD section in config.mk to simply uncomment it on
these platforms.
include config.mk
-SRC = slock.c
+SRC = slock.c ${COMPATSRC}
OBJ = ${SRC:.c=.o}
all: options slock
dist: clean
@echo creating dist tarball
@mkdir -p slock-${VERSION}
- @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \
- slock-${VERSION}
+ @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \
+ explicit_bzero.c slock.1 slock-${VERSION}
@tar -cf slock-${VERSION}.tar slock-${VERSION}
@gzip slock-${VERSION}.tar
@rm -rf slock-${VERSION}
CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
LDFLAGS = -s ${LIBS}
+COMPATSRC = explicit_bzero.c
# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
# On OpenBSD and Darwin remove -lcrypt from LIBS
+#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
+#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
+#COMPATSRC =
# compiler and linker
CC = cc
--- /dev/null
+/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+ memset(buf, 0, len);
+ __explicit_bzero_hook(buf, len);
+}
#include <bsd_auth.h>
#endif
+#include "util.h"
+
enum {
INIT,
INPUT,
* timeout. */
while (running && !XNextEvent(dpy, &ev)) {
if (ev.type == KeyPress) {
- buf[0] = 0;
+ explicit_bzero(&buf, sizeof(buf));
num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
if (IsKeypadKey(ksym)) {
if (ksym == XK_KP_Enter)
XBell(dpy, 100);
failure = True;
}
+ explicit_bzero(&passwd, sizeof(passwd));
len = 0;
break;
case XK_Escape:
+ explicit_bzero(&passwd, sizeof(passwd));
len = 0;
break;
case XK_BackSpace:
if (len)
- --len;
+ passwd[len--] = 0;
break;
default:
if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
--- /dev/null
+#undef explicit_bzero
+void explicit_bzero(void *, size_t);