On Fri, May 19, 2017 at 12:35:44AM -0500, Matthew Martin wrote:
> While making the last patch, I noticed ikectl uses getpass. Use
> readpassphrase instead and explicit_bzero the buffers.
> 
> - Matthew Martin

What is the goal here?  It can't be to use a different buffer size, since
the same size as getpass is used.

getpass is implemented in terms of readpassphrase.  Looking at the
implementation the flags argument should be RPP_ECHO_OFF (0) rather
than just 0.

/*
 * Prompt for a password with echo disabled and return it.
 *
 * @param prompt  text printed before reading.
 * @return pointer into a single process-wide static buffer, or NULL when
 *         readpassphrase() fails.  Every call writes into the same buffer,
 *         so the previous result is overwritten by the next call.
 */
char *
getpass(const char *prompt)
{
        static char buf[_PASSWORD_LEN + 1];
        const size_t buflen = sizeof buf;
        char *result;

        /* Echo is always suppressed here; the caller gets no say. */
        result = readpassphrase(prompt, buf, buflen, RPP_ECHO_OFF);
        return result;
}

> 
> 
> 
> diff --git ikeca.c ikeca.c
> index 69ca076407b..2ec010a5831 100644
> --- ikeca.c
> +++ ikeca.c
> @@ -22,6 +22,7 @@
>  #include <unistd.h>
>  #include <err.h>
>  #include <errno.h>
> +#include <readpassphrase.h>
>  #include <string.h>
>  #include <stdlib.h>
>  #include <sys/wait.h>
> @@ -636,7 +637,7 @@ ca_export(struct ca *ca, char *keyname, char *myname, 
> char *password)
>       DIR             *dexp;
>       struct dirent   *de;
>       struct stat      st;
> -     char            *pass;
> +     char             pass[_PASSWORD_LEN + 1];
>       char             prev[_PASSWORD_LEN + 1];
>       char             passenv[_PASSWORD_LEN + 8];
>       char             oname[PATH_MAX];
> @@ -667,16 +668,21 @@ ca_export(struct ca *ca, char *keyname, char *myname, 
> char *password)
>       if (password != NULL)
>               snprintf(passenv, sizeof(passenv), "EXPASS=%s", password);
>       else {
> -             pass = getpass("Export passphrase:");
> -             if (pass == NULL || *pass == '\0')
> -                     err(1, "password not set");
> -
> -             strlcpy(prev, pass, sizeof(prev));
> -             pass = getpass("Retype export passphrase:");
> -             if (pass == NULL || strcmp(prev, pass) != 0)
> +             if (readpassphrase("Export passphrase:", prev, sizeof(prev), 0)
> +                 == NULL)
> +                     errx(1, "unable to read passphrase");
> +             if (*prev == '\0')
> +                     errx(1, "password not set");
> +
> +             if (readpassphrase("Retype export passphrase:", pass,
> +                 sizeof(pass), 0) == NULL)
> +                     errx(1, "unable to read passphrase");
> +             if (strcmp(prev, pass) != 0)
>                       errx(1, "passphrase does not match!");
>  
>               snprintf(passenv, sizeof(passenv), "EXPASS=%s", pass);
> +             explicit_bzero(pass, sizeof(pass));
> +             explicit_bzero(prev, sizeof(prev));
>       }
>  
>       snprintf(cacrt, sizeof(cacrt), "%s/ca.crt", ca->sslpath);
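Review bot: The two explicit_bzero calls at the end of the else branch scrub `pass` and `prev`, but the line just above them copies the passphrase into `passenv`, which stays live after the branch, so only two of the three copies in this frame are cleared. If the intent is to bound how long the passphrase remains in memory, `passenv` needs the same treatment once its consumer (presumably a child process environment, set up outside this hunk) no longer needs it, e.g. `explicit_bzero(passenv, sizeof(passenv));` at that point. The same holds on the `password != NULL` path, where `passenv` carries the caller-supplied passphrase. ca_export continues past the end of this hunk.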
> 
