From 27776a1d97e1375d8d1b229f7128243738a41b4a Mon Sep 17 00:00:00 2001 From: Antonio Cardace Date: Wed, 18 Dec 2019 13:42:06 +0100 Subject: common: readline: fix memory leak of plain text secret After a user entered a secret it would get stored in the readline history data structure (in plain text) and eventually get leaked. This commit instructs readline to not store any secret in its history. --- clients/cli/common.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/clients/cli/common.c b/clients/cli/common.c index b5e684cecb..326d7da530 100644 --- a/clients/cli/common.c +++ b/clients/cli/common.c @@ -1005,7 +1005,7 @@ nmc_readline_echo (const NmcConfig *nmc_config, va_list args; gs_free char *prompt = NULL; char *str; - HISTORY_STATE *saved_history; + gs_free HISTORY_STATE *saved_history = NULL; HISTORY_STATE passwd_history = { 0, }; va_start (args, prompt_fmt); @@ -1018,6 +1018,10 @@ nmc_readline_echo (const NmcConfig *nmc_config, if (!echo_on) { saved_history = history_get_history_state (); history_set_history_state (&passwd_history); + /* stifling history is important as it tells readline to + * not store anything, otherwise sensitive data could be + * leaked */ + stifle_history (0); rl_redisplay_function = nmc_secret_redisplay; } -- cgit v1.2.1