X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=blobdiff_plain;f=src%2Fshared%2Fask-password-api.c;h=a0c76eddbe7ab4c6bc877003d0dbca31efe2cd79;hp=65151b19a6ed7b2ac7db4f7572ac6e593b0ddf03;hb=53e1b683907c2f12330f00feb9630150196f064d;hpb=3d391fa84f0b0f5708246848c713f2d52eaf92fe

diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 65151b19a6e..a0c76eddbe7 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
 /***
   This file is part of systemd.
 
@@ -43,12 +44,13 @@
 #include "ask-password-api.h"
 #include "fd-util.h"
 #include "fileio.h"
-#include "formats-util.h"
+#include "format-util.h"
 #include "io-util.h"
 #include "log.h"
 #include "macro.h"
 #include "missing.h"
 #include "mkdir.h"
+#include "process-util.h"
 #include "random-util.h"
 #include "signal-util.h"
 #include "socket-util.h"
@@ -95,7 +97,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
                 if (n < m)
                         break;
 
-                memory_erase(p, n);
+                explicit_bzero(p, n);
                 free(p);
                 m *= 2;
         }
@@ -104,7 +106,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
         if (!l)
                 return -ENOMEM;
 
-        memory_erase(p, n);
+        explicit_bzero(p, n);
 
         *ret = l;
         return 0;
@@ -140,7 +142,7 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa
                 return r;
 
         serial = add_key("user", keyname, p, n, KEY_SPEC_USER_KEYRING);
-        memory_erase(p, n);
+        explicit_bzero(p, n);
         if (serial == -1)
                 return -errno;
 
@@ -319,7 +321,7 @@ int ask_password_tty(
 
                 n = read(ttyfd >= 0 ? ttyfd : STDIN_FILENO, &c, 1);
                 if (n < 0) {
-                        if (errno == EINTR || errno == EAGAIN)
+                        if (IN_SET(errno, EINTR, EAGAIN))
                                 continue;
 
                         r = -errno;
@@ -336,7 +338,7 @@ int ask_password_tty(
                                 backspace_chars(ttyfd, p);
                         p = 0;
 
-                } else if (c == '\b' || c == 127) {
+                } else if (IN_SET(c, '\b', 127)) {
 
                         if (p > 0) {
 
@@ -390,7 +392,7 @@ int ask_password_tty(
         }
 
         x = strndup(passphrase, p);
-        memory_erase(passphrase, p);
+        explicit_bzero(passphrase, p);
         if (!x) {
                 r = -ENOMEM;
                 goto finish;
@@ -484,7 +486,7 @@ int ask_password_agent(
 
         (void) mkdir_p_label("/run/systemd/ask-password", 0755);
 
-        fd = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC);
+        fd = mkostemp_safe(temp);
         if (fd < 0) {
                 r = fd;
                 goto finish;
@@ -519,7 +521,7 @@ int ask_password_agent(
                 "AcceptCached=%i\n"
                 "Echo=%i\n"
                 "NotAfter="USEC_FMT"\n",
-                getpid(),
+                getpid_cached(),
                 socket_name,
                 (flags & ASK_PASSWORD_ACCEPT_CACHED) ? 1 : 0,
                 (flags & ASK_PASSWORD_ECHO) ? 1 : 0,
@@ -612,8 +614,7 @@ int ask_password_agent(
 
                 n = recvmsg(socket_fd, &msghdr, 0);
                 if (n < 0) {
-                        if (errno == EAGAIN ||
-                            errno == EINTR)
+                        if (IN_SET(errno, EAGAIN, EINTR))
                                 continue;
 
                         r = -errno;
@@ -647,7 +648,7 @@ int ask_password_agent(
                                 l = strv_new("", NULL);
                         else
                                 l = strv_parse_nulstr(passphrase+1, n-1);
-                        memory_erase(passphrase, n);
+                        explicit_bzero(passphrase, n);
                         if (!l) {
                                 r = -ENOMEM;
                                 goto finish;