Clear static buffer returned by getpass()

diff --git a/src/charon-cmd/cmd/cmd_creds.c b/src/charon-cmd/cmd/cmd_creds.c
index b440cf87728b79d39128d9975720bd354c07da59..49607005101989f06dc50cd6c7805109d86bf067 100644 (file)
--- a/src/charon-cmd/cmd/cmd_creds.c
+++ b/src/charon-cmd/cmd/cmd_creds.c
@@ -112,6 +112,7 @@ static shared_key_t* callback_shared(private_cmd_creds_t *this,
                *match_other = ID_MATCH_PERFECT;
        }
        shared = shared_key_create(type, chunk_clone(chunk_from_str(pwd)));
+       memwipe(pwd, strlen(pwd));
        /* cache password in case it is required more than once */
        this->creds->add_shared(this->creds, shared, NULL);
        return shared->get_ref(shared);

diff --git a/src/pki/pki.c b/src/pki/pki.c
index bb6b278d46b477d13a9f8ee1ebc240d077a38fc6..d275f0cf6e82e5c73e81517de70ecf7850b03a46 100644 (file)
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -393,6 +393,7 @@ static shared_key_t* cb(void *data, shared_key_type_t type,
                        *match_other = ID_MATCH_NONE;
                }
                shared = shared_key_create(type, chunk_clone(chunk_from_str(secret)));
+               memwipe(secret, strlen(secret));
                /* cache password in case it is required more than once */
                cb_creds->add_shared(cb_creds, shared, NULL);
                return shared->get_ref(shared);

diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 8248440dd0660c570e99250e6b9da5a404f728ef..eb559f5a10843d248c0b1c4e6dc2d941e661dbee 100644 (file)
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -129,6 +129,7 @@ static int send_stroke_msg(stroke_msg_t *msg)
                        if (pass)
                        {
                                stream->write_all(stream, pass, strlen(pass));
+                               memwipe(pass, strlen(pass));
                                stream->write_all(stream, "\n", 1);
                        }
                }

diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 3c58f3bdcc5fb23850dd007779e6501b569ff6a9..852a775842e8a9836fe4d07f80a4a1729a24c50c 100644 (file)
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -254,6 +254,7 @@ CALLBACK(password_cb, shared_key_t*,
                *match_other = ID_MATCH_PERFECT;
        }
        shared = shared_key_create(type, chunk_clone(chunk_from_str(pwd)));
+       memwipe(pwd, strlen(pwd));
        /* cache secret if it is required more than once (PKCS#12) */
        data->cache->add_shared(data->cache, shared, NULL);
        return shared->get_ref(shared);
@@ -635,14 +636,13 @@ static void load_tokens(load_ctx_t *ctx)
                        {
 #ifdef HAVE_GETPASS
                                snprintf(prompt, sizeof(prompt), "PIN for %s: ", section);
-                               pin = strdupnull(getpass(prompt));
+                               pin = getpass(prompt);
 #endif
                        }
                        load_token(ctx, section, pin);
                        if (pin)
                        {
                                memwipe(pin, strlen(pin));
-                               free(pin);
                                pin = NULL;
                        }
                }