ask-password: erase character read with _cleanup_
authorLennart Poettering <lennart@poettering.net>
Wed, 20 Mar 2019 09:29:20 +0000 (10:29 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 20 Mar 2019 09:48:33 +0000 (10:48 +0100)
This is much nicer, since it means we erase the character regardless of how
we exit the scope.

src/basic/memory-util.h
src/shared/ask-password-api.c

index e1e6624d3b0c64b248763e2b7f6c72ce812cf8a1..915c24a5ddeb4eec8bec2600e346696397364cdf 100644 (file)
@@ -77,3 +77,8 @@ static inline void* explicit_bzero_safe(void *p, size_t l) {
 #else
 void *explicit_bzero_safe(void *p, size_t l);
 #endif
+
+/* Use with _cleanup_ to erase a single 'char' when leaving scope */
+static inline void erase_char(char *p) {
+        explicit_bzero_safe(p, sizeof(char));
+}
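Review bot: The comment above `erase_char()` does not say what the erasure leaves out. The helper zeroes only the one `char` object it is pointed at, so any copy already made from it (a buffer the character was appended to, for instance) still needs its own erasure. I would extend the comment to `/* Use with _cleanup_ to erase a single 'char' when leaving scope. Only the variable itself is wiped; copies stored elsewhere must be erased separately. */`. As a small style point, `sizeof(*p)` instead of `sizeof(char)` keeps the length tied to the pointee type.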
index 4122362b3c0ef5508384b73054d7f233b82a9a30..88335c6d08572ee461c962e8c0073fbf592e56dc 100644 (file)
@@ -306,9 +306,9 @@ int ask_password_tty(
         };
 
         for (;;) {
+                _cleanup_(erase_char) char c;
                 int sleep_for = -1, k;
                 ssize_t n;
-                char c;
 
                 if (until > 0) {
                         usec_t y;
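Review bot: `c` is declared without an initializer, while the cleanup handler now takes its address on every exit from the iteration, including any exit that happens before `c` is assigned. The handler only writes, so this looks harmless at run time, but the loop body between this hunk and the next is not shown, so whether `c` is always written before it is read cannot be confirmed from here. Declaring it as `_cleanup_(erase_char) char c = 0;` would keep any early read defined and avoid uninitialised-variable reports from static analysers. The body of ask_password_tty() starts and ends outside the hunk.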
@@ -452,9 +452,6 @@ int ask_password_tty(
 
                         dirty = true;
                 }
-
-                /* Let's forget this char, just to not keep needlessly copies of key material around */
-                c = 'x';
         }
 
         x = strndup(passphrase, p);