Enlightenment CVS committal

Author  : raster
Project : e17
Module  : apps/e

Dir     : e17/apps/e/src/bin


Modified Files:
        e_desklock.c 


Log Message:


more paranoid memset 0 of desklock passwd (and comment them) - this way once
you have authed your passwd will not live on in memory 1 cycle longer than it
needs to to get the pam auth done. security nuts should be happy with that.
still need to fix the personal password though...

===================================================================
RCS file: /cvs/e/e17/apps/e/src/bin/e_desklock.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -3 -r1.18 -r1.19
--- e_desklock.c        28 Jul 2006 06:45:00 -0000      1.18
+++ e_desklock.c        1 Aug 2006 04:14:34 -0000       1.19
@@ -433,18 +433,14 @@
 static void
 _e_desklock_passwd_update()
 {
-   int ii;
-   char passwd_hidden[PASSWD_LEN * 3]="";
+   char passwd_hidden[PASSWD_LEN] = "", *p, *pp;
    E_Desklock_Popup_Data       *edp;
    Evas_List *l;
    
    if (!edd) return;
    
-   for (ii = 0; ii < strlen(edd->passwd); ii ++)
-     {
-       passwd_hidden[ii] = '*';
-       passwd_hidden[ii+1] = 0;
-     }
+   for (p = edd->passwd, pp = passwd_hidden; *p; p++, pp++) *pp = '*';
+   *pp = 0;
    
    for (l = edd->elock_wnd_list; l; l = l->next)
      {
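Review bot: The masking loop in `_e_desklock_passwd_update` puts no bound on `pp`, and this change shrinks `passwd_hidden` from `PASSWD_LEN * 3` to `PASSWD_LEN`. The write of `*pp = 0` therefore stays in bounds only if `edd->passwd` is always NUL-terminated within `PASSWD_LEN` bytes, which this hunk does not show. Bounding the loop removes the dependence on that invariant: `for (p = edd->passwd, pp = passwd_hidden; *p && pp < passwd_hidden + PASSWD_LEN - 1; p++, pp++) *pp = '*';`. The function body continues past the end of the hunk.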
@@ -456,9 +452,9 @@
 static void
 _e_desklock_backspace()
 {
-  int len, val, pos;
-
-  if (!edd) return;
+   int len, val, pos;
+   
+   if (!edd) return;
    
    len = strlen(edd->passwd);
    if (len > 0)
@@ -516,6 +512,7 @@
                     e_config->desklock_personal_passwd)))
          {
             /* password ok */
+            /* security - null out passwd string once we are done with it */
             memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
             e_desklock_hide();
             return 1;
@@ -542,12 +539,14 @@
        /* ok */
        if (ev->exit_code == 0)
          {
+            /* security - null out passwd string once we are done with it */
             memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
             e_desklock_hide();
          }
        /* error */
        else if (ev->exit_code < 128)
          {
+            /* security - null out passwd string once we are done with it */
             memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
             e_desklock_hide();
             e_util_dialog_show(_("Authentication System Error"),
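Review bot: The same `memset` and comment are now repeated in every branch of the `ev->exit_code` chain (the two branches here and the `else` in the next hunk), so a branch added later can silently miss the clearing. Since each branch clears before doing anything else, a single `memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);` placed before `if (ev->exit_code == 0)` gives one clearing point with one comment. The enclosing handler starts and ends outside the hunk, so confirm that no earlier return skips it.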
@@ -559,6 +558,7 @@
        /* failed auth */
        else
          {
+            /* security - null out passwd string once we are done with it */
             memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
             _e_desklock_passwd_update();
          }
@@ -583,11 +583,18 @@
        /* child */
        int pamerr;
        E_Desklock_Auth da;
-        char *current_user;
+        char *current_user, *p;
 
        current_user = _desklock_auth_get_current_user();
        strncpy(da.user, current_user, PATH_MAX);
        strncpy(da.passwd, passwd, PATH_MAX);
+       /* security - null out passwd string once we are done with it */
+       for (p = (char *)passwd; *p; p++);
+       while (p >= passwd)
+         {
+            *p = 0;
+            p--;
+         }
        da.pam.handle = NULL;
        da.pam.conv.conv = NULL;
        da.pam.conv.appdata_ptr = NULL;
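Review bot: The backward clearing loop finishes by decrementing `p` to one element before `passwd`, and forming or comparing that pointer is undefined behaviour in C. The `(char *)` cast suggests `passwd` is const-qualified (its declaration is outside the hunk), so the write is only defined if the underlying buffer is not itself const, which deserves a word in the comment. A forward pass through a volatile pointer avoids the out-of-range pointer and also keeps the compiler from treating the stores as dead: `volatile char *vp = (volatile char *)passwd; while (*vp) *vp++ = 0;`. This code is under the `/* child */` comment, so whether the caller's copy is cleared at the same moment cannot be seen from here.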
@@ -600,6 +607,7 @@
          }
        pamerr = pam_authenticate(da.pam.handle, 0);
        pam_end(da.pam.handle, pamerr);
+       /* security - null out passwd string once we are done with it */
        memset(da.passwd, 0, sizeof(da.passwd));
        if (pamerr == PAM_SUCCESS)
          {
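Review bot: `memset(da.passwd, 0, sizeof(da.passwd));` clears a local that the visible code does not read again, so an optimizing compiler may drop the store as dead. The added comment would then document a guarantee the binary does not provide. Clearing through a volatile pointer keeps the stores, e.g. `volatile char *vp = da.passwd; size_t i; for (i = 0; i < sizeof(da.passwd); i++) vp[i] = 0;`, as does a platform zeroing routine that is guaranteed not to be elided. The block closed by the `}` at the top of the hunk is not visible; if it exits the child on a PAM setup error, `da.passwd` should be cleared on that path as well.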


