From acfdda6c7fbfdb376613b47b5980642877e1e25c Mon Sep 17 00:00:00 2001 From: Tom Hacohen Date: Tue, 21 Apr 2015 10:07:42 +0100 Subject: E auth: improve clearing out passwords from memory. Optimising compilers (like gcc/clang with -O1 or above) were optimising out the memset(). Until link time optimisations are good enough, this will prevent them from doing so. The best solution would be to use memset_s() (c11), though it's not readily available yet. This is the first step towards using memset_s() with a fallback for systems who don't have it. A better solution, is to put it in Eina, to prevent LTO completely. This will have to be done after the EFL release. Even this is not entirely safe though, but at least it protects us from some memory disclosure issues. This doesn't solve the fact that we may store a copy of the password in other places, like the input system. We need to address that too. Thanks to Matthew Garrett for pointing this out or Twitter. --- src/modules/lokker/lokker.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'src/modules') diff --git a/src/modules/lokker/lokker.c b/src/modules/lokker/lokker.c index fdc75178d0..a9ecfbf4a2 100644 --- a/src/modules/lokker/lokker.c +++ b/src/modules/lokker/lokker.c @@ -96,10 +96,8 @@ _text_passwd_update(void) static void _lokker_null(void) { - memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN); - /* break compiler optimization */ - if (edd->passwd[0] || edd->passwd[3]) - fprintf(stderr, "ACK!\n"); + e_util_memclear(edd->passwd, PASSWD_LEN); + _text_passwd_update(); } -- cgit v1.2.1