From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 20 Mar 2019 09:29:20 +0000 (+0100)
Subject: ask-password: erase character read with _cleanup_
X-Git-Tag: v242-rc1~103^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e1ed99c8c89d6e4ca4df3e47617ff1f3e194cabb;p=thirdparty%2Fsystemd.git

ask-password: erase character read with _cleanup_

This is much nicer, since it means we erase the character regardless how
we exit the scope.
---

diff --git a/src/basic/memory-util.h b/src/basic/memory-util.h
index e1e6624d3b0..915c24a5dde 100644
--- a/src/basic/memory-util.h
+++ b/src/basic/memory-util.h
@@ -77,3 +77,8 @@ static inline void* explicit_bzero_safe(void *p, size_t l) {
 #else
 void *explicit_bzero_safe(void *p, size_t l);
 #endif
+
+/* Use with _cleanup_ to erase a single 'char' when leaving scope */
+static inline void erase_char(char *p) {
+        explicit_bzero_safe(p, sizeof(char));
+}
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 4122362b3c0..88335c6d085 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -306,9 +306,9 @@ int ask_password_tty(
         };
 
         for (;;) {
+                _cleanup_(erase_char) char c;
                 int sleep_for = -1, k;
                 ssize_t n;
-                char c;
 
                 if (until > 0) {
                         usec_t y;
@@ -452,9 +452,6 @@ int ask_password_tty(
 
                         dirty = true;
                 }
-
-                /* Let's forget this char, just to not keep needlessly copies of key material around */
-                c = 'x';
         }
 
         x = strndup(passphrase, p);