[hackers] [slock] clear passwords with explicit_bzero || Hiltjo Posthuma

From: <git_AT_suckless.org>
Date: Sat, 13 Aug 2016 10:00:16 +0200 (CEST)

commit a7afade1701a809f6a33b53525d59dd29b38d381
Author: Hiltjo Posthuma <hiltjo_AT_codemadness.org>
AuthorDate: Sun Jul 31 13:43:00 2016 +0200
Commit: Hiltjo Posthuma <hiltjo_AT_codemadness.org>
CommitDate: Sat Aug 13 09:58:00 2016 +0200

    clear passwords with explicit_bzero
    
    Make sure to explicitly clear memory that is used for password input. memset
    is often optimized out by the compiler.
    
    Brought to attention by the OpenBSD community, see:
    https://marc.info/?t=146989502600003&r=1&w=2
    Thread subject: x11/slock: clear passwords with explicit_bzero
    
    Changes:
    
    - explicit_bzero.c import from libressl-portable.
    - Makefile: add COMPATSRC for compatibility src.
    - config.mk: add a separate *BSD section to config.mk so it can simply be uncommented on
      these platforms.

diff --git a/Makefile b/Makefile
index 86b3437..8b3e248 100644
--- a/Makefile
+++ b/Makefile
_AT_@ -3,7 +3,7 @@
 
 include config.mk
 
-SRC = slock.c
+SRC = slock.c ${COMPATSRC}
 OBJ = ${SRC:.c=.o}
 
 all: options slock
_AT_@ -35,8 +35,8 @@ clean:
 dist: clean
         _AT_echo creating dist tarball
         _AT_mkdir -p slock-${VERSION}
- _AT_cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \
- slock-${VERSION}
+ _AT_cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \
+ explicit_bzero.c slock.1 slock-${VERSION}
         _AT_tar -cf slock-${VERSION}.tar slock-${VERSION}
         _AT_gzip slock-${VERSION}.tar
         _AT_rm -rf slock-${VERSION}
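Review bot: The file list on the changed `_AT_cp` line does not include the new `util.h`, which slock.c now includes, so a tarball produced by `make dist` will not compile. Add `util.h` next to `explicit_bzero.c` on the continuation line: ` explicit_bzero.c slock.1 util.h slock-${VERSION}`. Listing explicit_bzero.c explicitly alongside `${SRC}` looks intentional, since COMPATSRC can be empty on the *BSD configuration, so that part is fine.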
diff --git a/config.mk b/config.mk
index f93879e..3afc061 100644
--- a/config.mk
+++ b/config.mk
_AT_@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
 CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
 CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
 LDFLAGS = -s ${LIBS}
+COMPATSRC = explicit_bzero.c
 
 # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
 # On OpenBSD and Darwin remove -lcrypt from LIBS
+#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
+#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
+#COMPATSRC =
 
 # compiler and linker
 CC = cc
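Review bot: The *BSD comment above the new commented-out lines does not say why `COMPATSRC` must be left empty there, so the connection between the added `COMPATSRC = explicit_bzero.c` default and the `#COMPATSRC =` alternative is left for the reader to work out. On those platforms explicit_bzero(3) is provided by libc, and building the compat copy as well can presumably produce a duplicate definition at link time. Suggest extending the comment: `# On *BSD explicit_bzero(3) is in libc: leave COMPATSRC empty so the compat copy is not built`. The `-D_BSD_SOURCE` added to the commented CPPFLAGS is likewise not mentioned in the comment and deserves a word on what it enables.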
diff --git a/explicit_bzero.c b/explicit_bzero.c
new file mode 100644
index 0000000..3e33ca8
--- /dev/null
+++ b/explicit_bzero.c
_AT_@ -0,0 +1,19 @@
+/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+ memset(buf, 0, len);
+ __explicit_bzero_hook(buf, len);
+}
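Review bot: The imported file has no comment on why the empty `__explicit_bzero_hook` exists, and it is exactly what a later clean-up is most likely to delete as dead code: the call to a weak, externally replaceable function is what stops the compiler from treating the preceding `memset` as a dead store, which is the whole purpose of this file. Suggest a comment above the hook along the lines of `/* Weak, overridable hook: calling it after memset forces the compiler to keep the clear, since the hook may observe buf. Do not remove. */`. This protection is compiler-dependent (it relies on the weak definition not being inlined), so whether it survives link-time optimisation should be confirmed if `-flto` is ever added to CFLAGS. The double-underscore name is in the implementation-reserved namespace, which is tolerable for code taken verbatim from libc but worth noting in the same comment.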
diff --git a/slock.c b/slock.c
index c9cdee2..a00fbb9 100644
--- a/slock.c
+++ b/slock.c
_AT_@ -23,6 +23,8 @@
 #include <bsd_auth.h>
 #endif
 
+#include "util.h"
+
 enum {
         INIT,
         INPUT,
_AT_@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws)
          * timeout. */
         while (running && !XNextEvent(dpy, &ev)) {
                 if (ev.type == KeyPress) {
- buf[0] = 0;
+ explicit_bzero(&buf, sizeof(buf));
                         num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
                         if (IsKeypadKey(ksym)) {
                                 if (ksym == XK_KP_Enter)
_AT_@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws)
                                         XBell(dpy, 100);
                                         failure = True;
                                 }
+ explicit_bzero(&passwd, sizeof(passwd));
                                 len = 0;
                                 break;
                         case XK_Escape:
+ explicit_bzero(&passwd, sizeof(passwd));
                                 len = 0;
                                 break;
                         case XK_BackSpace:
                                 if (len)
- --len;
+ passwd[len--] = 0;
                                 break;
                         default:
                                 if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
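Review bot: The BackSpace branch now does `passwd[len--] = 0;`, which zeroes the byte after the last typed character and only then drops len, so the character being erased stays in passwd — the opposite of what this commit sets out to do, and a change from the removed `--len`. It should read `passwd[--len] = 0;`. The index is in bounds either way, because the default branch only appends while `len + num < sizeof(passwd)`. readpw begins and ends outside this hunk.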
diff --git a/util.h b/util.h
new file mode 100644
index 0000000..6f748b8
--- /dev/null
+++ b/util.h
_AT_@ -0,0 +1,2 @@
+#undef explicit_bzero
+void explicit_bzero(void *, size_t);
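Review bot: util.h uses `size_t` without including <stddef.h>, so it compiles only when the includer has already pulled in a header that defines it; slock.c does, because the include is placed after the system headers, but the header is not self-contained. Adding `#include <stddef.h>` above the prototype fixes that. The `#undef explicit_bzero` is also unexplained; a one-line comment saying which definition it is meant to override would help the next reader.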