aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHiltjo Posthuma <hiltjo@codemadness.org>2016-07-31 13:43:00 +0200
committerHiltjo Posthuma <hiltjo@codemadness.org>2016-08-13 09:58:00 +0200
commita7afade1701a809f6a33b53525d59dd29b38d381 (patch)
tree45bb7250f76f0ed0261354ae313c4f0c3a561eb6
parent65b8d5278882310eed758e6fbfd6ab9676db883c (diff)
clear passwords with explicit_bzero
Make sure to explicitly clear memory that is used for password input. memset is often optimized out by the compiler. Brought to attention by the OpenBSD community, see: https://marc.info/?t=146989502600003&r=1&w=2 Thread subject: x11/slock: clear passwords with explicit_bzero Changes: - explicit_bzero.c import from libressl-portable. - Makefile: add COMPATSRC for compatibility src. - config.mk: add separate *BSD section in config.mk to simply uncomment it on these platforms.
Diffstat
-rw-r--r--Makefile6
-rw-r--r--config.mk4
-rw-r--r--explicit_bzero.c19
-rw-r--r--slock.c8
-rw-r--r--util.h2
5 files changed, 34 insertions, 5 deletions
diff --git a/Makefile b/Makefile
index 86b3437..8b3e248 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
3 3
4include config.mk 4include config.mk
5 5
6SRC = slock.c 6SRC = slock.c ${COMPATSRC}
7OBJ = ${SRC:.c=.o} 7OBJ = ${SRC:.c=.o}
8 8
9all: options slock 9all: options slock
@@ -35,8 +35,8 @@ clean:
35dist: clean 35dist: clean
36 @echo creating dist tarball 36 @echo creating dist tarball
37 @mkdir -p slock-${VERSION} 37 @mkdir -p slock-${VERSION}
38 @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \ 38 @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \
39 slock-${VERSION} 39 explicit_bzero.c slock.1 slock-${VERSION}
40 @tar -cf slock-${VERSION}.tar slock-${VERSION} 40 @tar -cf slock-${VERSION}.tar slock-${VERSION}
41 @gzip slock-${VERSION}.tar 41 @gzip slock-${VERSION}.tar
42 @rm -rf slock-${VERSION} 42 @rm -rf slock-${VERSION}
diff --git a/config.mk b/config.mk
index f93879e..3afc061 100644
--- a/config.mk
+++ b/config.mk
@@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
18CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H 18CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
19CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS} 19CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
20LDFLAGS = -s ${LIBS} 20LDFLAGS = -s ${LIBS}
21COMPATSRC = explicit_bzero.c
21 22
22# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH 23# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
23# On OpenBSD and Darwin remove -lcrypt from LIBS 24# On OpenBSD and Darwin remove -lcrypt from LIBS
25#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
26#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
27#COMPATSRC =
24 28
25# compiler and linker 29# compiler and linker
26CC = cc 30CC = cc
diff --git a/explicit_bzero.c b/explicit_bzero.c
new file mode 100644
index 0000000..3e33ca8
--- /dev/null
+++ b/explicit_bzero.c
@@ -0,0 +1,19 @@
1/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
2/*
3 * Public domain.
4 * Written by Matthew Dempsky.
5 */
6
7#include <string.h>
8
9__attribute__((weak)) void
10__explicit_bzero_hook(void *buf, size_t len)
11{
12}
13
14void
15explicit_bzero(void *buf, size_t len)
16{
17 memset(buf, 0, len);
18 __explicit_bzero_hook(buf, len);
19}
diff --git a/slock.c b/slock.c
index c9cdee2..a00fbb9 100644
--- a/slock.c
+++ b/slock.c
@@ -23,6 +23,8 @@
23#include <bsd_auth.h> 23#include <bsd_auth.h>
24#endif 24#endif
25 25
26#include "util.h"
27
26enum { 28enum {
27 INIT, 29 INIT,
28 INPUT, 30 INPUT,
@@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws)
135 * timeout. */ 137 * timeout. */
136 while (running && !XNextEvent(dpy, &ev)) { 138 while (running && !XNextEvent(dpy, &ev)) {
137 if (ev.type == KeyPress) { 139 if (ev.type == KeyPress) {
138 buf[0] = 0; 140 explicit_bzero(&buf, sizeof(buf));
139 num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0); 141 num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
140 if (IsKeypadKey(ksym)) { 142 if (IsKeypadKey(ksym)) {
141 if (ksym == XK_KP_Enter) 143 if (ksym == XK_KP_Enter)
@@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws)
161 XBell(dpy, 100); 163 XBell(dpy, 100);
162 failure = True; 164 failure = True;
163 } 165 }
166 explicit_bzero(&passwd, sizeof(passwd));
164 len = 0; 167 len = 0;
165 break; 168 break;
166 case XK_Escape: 169 case XK_Escape:
170 explicit_bzero(&passwd, sizeof(passwd));
167 len = 0; 171 len = 0;
168 break; 172 break;
169 case XK_BackSpace: 173 case XK_BackSpace:
170 if (len) 174 if (len)
171 --len; 175 passwd[len--] = 0;
172 break; 176 break;
173 default: 177 default:
174 if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) { 178 if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
diff --git a/util.h b/util.h
new file mode 100644
index 0000000..6f748b8
--- /dev/null
+++ b/util.h
@@ -0,0 +1,2 @@
1#undef explicit_bzero
2void explicit_bzero(void *, size_t);