While making the last patch, I noticed ikectl uses getpass. Use readpassphrase instead and explicit_bzero the buffers.
- Matthew Martin
diff --git ikeca.c ikeca.c
index 69ca076407b..2ec010a5831 100644
--- ikeca.c
+++ ikeca.c
@@ -22,6 +22,7 @@
 #include <unistd.h>
 #include <err.h>
 #include <errno.h>
+#include <readpassphrase.h>
 #include <string.h>
 #include <stdlib.h>
 #include <sys/wait.h>
@@ -636,7 +637,7 @@ ca_export(struct ca *ca, char *keyname, char *myname, char *password)
 DIR *dexp;
 struct dirent *de;
 struct stat st;
- char *pass;
+ char pass[_PASSWORD_LEN + 1];
 char prev[_PASSWORD_LEN + 1];
 char passenv[_PASSWORD_LEN + 8];
 char oname[PATH_MAX];
@@ -667,16 +668,21 @@ ca_export(struct ca *ca, char *keyname, char *myname, char *password)
 if (password != NULL)
 snprintf(passenv, sizeof(passenv), "EXPASS=%s", password);
 else {
- pass = getpass("Export passphrase:");
- if (pass == NULL || *pass == '\0')
- err(1, "password not set");
-
- strlcpy(prev, pass, sizeof(prev));
- pass = getpass("Retype export passphrase:");
- if (pass == NULL || strcmp(prev, pass) != 0)
+ if (readpassphrase("Export passphrase:", prev, sizeof(prev), 0)
+ == NULL)
+ errx(1, "unable to read passphrase");
+ if (*prev == '\0')
+ errx(1, "password not set");
+
+ if (readpassphrase("Retype export passphrase:", pass,
+ sizeof(pass), 0) == NULL)
+ errx(1, "unable to read passphrase");
+ if (strcmp(prev, pass) != 0)
 errx(1, "passphrase does not match!");
 snprintf(passenv, sizeof(passenv), "EXPASS=%s", pass);
+ explicit_bzero(pass, sizeof(pass));
+ explicit_bzero(prev, sizeof(prev));
 }
 snprintf(cacrt, sizeof(cacrt), "%s/ca.crt", ca->sslpath);
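Review bot: The passphrase still survives in `passenv` after the third hunk: `pass` and `prev` are wiped, but the `EXPASS=%s` copy written by `snprintf` just before the two `explicit_bzero` calls is not, and neither is the copy made in the `password != NULL` branch. ca_export continues past the hunk, so how `passenv` is consumed is not visible here; once its last use is done it should get the same treatment, `explicit_bzero(passenv, sizeof(passenv));`. Separately, `readpassphrase` sets errno when it returns NULL, so `err(1, "unable to read passphrase")` would report the cause that `errx` drops. If falling back to stdin when no terminal is available is not wanted, passing `RPP_REQUIRE_TTY` instead of `0` makes that failure explicit.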