authorAntonio Cardace <acardace@redhat.com>2019-12-18 13:42:06 +0100
committerAntonio Cardace <acardace@redhat.com>2019-12-18 16:14:48 +0100
commit725cc687106d6450bf6d6878e7d2936ddc56bca9 (patch)
tree89d40f3671a17bc4d5c0c43e6c1e30712e68a6c3
parentcfc418f8876a7adab0e23bbd10fe9725c7b60b2e (diff)
downloadNetworkManager-725cc687106d6450bf6d6878e7d2936ddc56bca9.tar.gz
common: readline: fix memory leak of plain text secret
After a user entered a secret it would get stored in the readline history data structure (in plain text) and eventually get leaked. This commit instructs readline to not store any secret in its history and fixes a non-related memory leak.
-rw-r--r--clients/cli/common.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/clients/cli/common.c b/clients/cli/common.c
index b5e684cecb..58879f6a51 100644
--- a/clients/cli/common.c
+++ b/clients/cli/common.c
@@ -1005,7 +1005,7 @@ nmc_readline_echo (const NmcConfig *nmc_config,
va_list args;
gs_free char *prompt = NULL;
char *str;
- HISTORY_STATE *saved_history;
+ nm_auto_free HISTORY_STATE *saved_history = NULL;
HISTORY_STATE passwd_history = { 0, };
va_start (args, prompt_fmt);
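Review bot: The `saved_history` declaration needs a short ownership comment, because `nm_auto_free` releases only the `HISTORY_STATE` struct and not the entries array it points to. That is presumably intended, since the entries return to readline when the state is restored later in `nmc_readline_echo` (outside this hunk), but a reader cannot tell that from the declaration alone. A comment such as `/* struct is caller-owned (allocated by history_get_history_state ()); the entries stay with readline */` above the line would prevent someone from later "fixing" it into a deep free.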
@@ -1018,6 +1018,10 @@ nmc_readline_echo (const NmcConfig *nmc_config,
if (!echo_on) {
saved_history = history_get_history_state ();
history_set_history_state (&passwd_history);
+ /* stifling history is important as it tells readline to
+ * not store anything, otherwise sensitive data could be
+ * leaked */
+ stifle_history (0);
rl_redisplay_function = nmc_secret_redisplay;
}
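Review bot: `stifle_history (0)` changes readline's process-wide stifle setting, and nothing in this hunk undoes it once the secret has been read. The code that restores `saved_history` is outside the hunk, so this may already be handled. As far as I recall, though, `history_set_history_state ()` does not clear the stifled flag or the zero entry limit. If that holds, ordinary prompts after a secret prompt would silently stop recording history. Consider recording `history_is_stifled ()` and the previous limit before this call and re-applying them after the restore, or at least calling `unstifle_history ();` there if history was not stifled beforehand.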