e auth - use our memclear and fill it out with modern zeroing methods
so memset_s still doesn't get detected (add a check anyway), but there are other alternatives, so detect and use them if found (explicit_bzero, explicit_memset) in addition to the generally "practically works" memset ptr method we had and.. just to be extra safe add an asm memory barrier to this fallback. also.. mlock the passwd memory in lokker (if it doesn't work - don't worry - there is nothing we can do, so we did our best) to avoid this memory getting swapped etc.
parent
276eb5b091
commit
a3ae1b0ac2
12
meson.build
12
meson.build
|
@ -186,6 +186,18 @@ if cc.has_header('execinfo.h') == true
|
||||||
elif cc.has_function('backtrace_symbols_fd', dependencies: 'execinfo') == false
|
elif cc.has_function('backtrace_symbols_fd', dependencies: 'execinfo') == false
|
||||||
execinfo_dep = dependency('execinfo', required: false)
|
execinfo_dep = dependency('execinfo', required: false)
|
||||||
endif
|
endif
|
||||||
|
if cc.has_function('explicit_bzero') == true
|
||||||
|
config_h.set('HAVE_EXPLICIT_BZERO' , '1')
|
||||||
|
endif
|
||||||
|
if cc.has_function('explicit_memset') == true
|
||||||
|
config_h.set('HAVE_EXPLICIT_MEMSET' , '1')
|
||||||
|
endif
|
||||||
|
if cc.has_function('memset_s') == true
|
||||||
|
config_h.set('HAVE_MEMSET_S' , '1')
|
||||||
|
endif
|
||||||
|
if cc.has_function('mlock') == true
|
||||||
|
config_h.set('HAVE_MLOCK' , '1')
|
||||||
|
endif
|
||||||
|
|
||||||
if cc.has_header('fnmatch.h') == false
|
if cc.has_header('fnmatch.h') == false
|
||||||
error('fnmatch.h not found')
|
error('fnmatch.h not found')
|
||||||
|
|
|
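Review bot: The probe `cc.has_function('memset_s')` does not match how the C code will see the function, because Annex K declarations in `<string.h>` are only exposed when `__STDC_WANT_LIB_EXT1__` is defined before the include. On a libc that does ship the symbol, this check can set `HAVE_MEMSET_S` while the caller still has no prototype in scope. Passing a prefix, `cc.has_function('memset_s', prefix: '#define __STDC_WANT_LIB_EXT1__ 1\n#include <string.h>')`, and defining the same macro at the top of the file that calls `memset_s` keeps detection and use in agreement. The surrounding `execinfo` and `fnmatch.h` checks continue outside the hunk.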
@ -3,7 +3,7 @@
|
||||||
E_API int
|
E_API int
|
||||||
e_auth_begin(char *passwd)
|
e_auth_begin(char *passwd)
|
||||||
{
|
{
|
||||||
char buf[PATH_MAX], *p;
|
char buf[PATH_MAX];
|
||||||
Ecore_Exe *exe = NULL;
|
Ecore_Exe *exe = NULL;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
size_t pwlen;
|
size_t pwlen;
|
||||||
|
@ -31,9 +31,7 @@ e_auth_begin(char *passwd)
|
||||||
out:
|
out:
|
||||||
if (exe) ecore_exe_free(exe);
|
if (exe) ecore_exe_free(exe);
|
||||||
|
|
||||||
/* security - null out passwd string once we are done with it */
|
e_util_memclear(passwd, pwlen);
|
||||||
for (p = passwd; *p; p++) *p = 0;
|
|
||||||
if (passwd[rand() % pwlen]) fprintf(stderr, "ACK!\n");
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
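Review bot: `e_util_memclear(passwd, pwlen)` at the `out:` label depends on `pwlen`, which is declared as `size_t pwlen;` with no initializer at the top of `e_auth_begin`. The code between the declaration and `out:` is outside the hunks, so it is not visible whether any `goto out` can run before `pwlen` is assigned; if one can, the clear runs with an indeterminate length. The assignment of `pwlen` should precede the first `goto out`, and initializing it at the declaration keeps an early exit well-defined. Since the commit drops the old comment, a one-line replacement at the call such as `/* security - clear passwd once we are done with it */` would keep the intent visible.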
@ -1458,25 +1458,29 @@ e_util_evas_objects_above_print_smart(Evas_Object *o)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
#if defined(HAVE_MEMSET_S)
|
||||||
* NOTICE: This function should not be used by external modules!!!
|
#elif defined(HAVE_EXPLICIT_BZERO)
|
||||||
*
|
#elif defined(HAVE_EXPLICIT_MEMSET)
|
||||||
* This function is just a hack to allow us to "securely" clear sensitive
|
#else
|
||||||
* info until memset_s() is readily available, or at least we move this hack
|
void *(* const volatile __memset_ptr)(void *, int, size_t) = memset;
|
||||||
* to Eina.
|
#endif
|
||||||
*
|
|
||||||
* This is going to work until link time optimizations are good enough.
|
|
||||||
* Hopefully by then, we'll be able to properly use memset_s().
|
|
||||||
*/
|
|
||||||
static void *(* const volatile memset_ptr)(void *, int, size_t) = memset;
|
|
||||||
|
|
||||||
E_API void
|
E_API void
|
||||||
e_util_memclear(void *s, size_t n)
|
e_util_memclear(void *s, size_t n)
|
||||||
{
|
{
|
||||||
memset_ptr(s, 0, n);
|
if (n == 0) return;
|
||||||
|
#if defined(HAVE_MEMSET_S)
|
||||||
|
memset_s(s, n, 0, n);
|
||||||
|
#elif defined(HAVE_EXPLICIT_BZERO)
|
||||||
|
explicit_bzero(s, n);
|
||||||
|
#elif defined(HAVE_EXPLICIT_MEMSET)
|
||||||
|
explicit_memset(s, 0, n);
|
||||||
|
#else
|
||||||
|
__memset_ptr(s, 0, n);
|
||||||
|
__asm__ __volatile__("": :"r"(s) : "memory");
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
E_API Ecore_Exe *
|
E_API Ecore_Exe *
|
||||||
e_util_open(const char *exe, void *data)
|
e_util_open(const char *exe, void *data)
|
||||||
{
|
{
|
||||||
|
|
|
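Review bot: The fallback pointer `__memset_ptr` is now declared without `static` and under a name beginning with two underscores, which C reserves for the implementation; the line it replaces was `static` and named `memset_ptr`. As written it has external linkage in every build that takes the `#else` branch. Keeping `static void *(* const volatile memset_ptr)(void *, int, size_t) = memset;` and calling `memset_ptr(s, 0, n);` before the barrier avoids both problems. The removed header comment was the only documentation of why this function exists; a short replacement stating that it clears secrets in a way the optimizer must not elide, and which primitive each branch uses, would be worth adding.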
@ -1,4 +1,5 @@
|
||||||
#include "e_mod_main.h"
|
#include "e_mod_main.h"
|
||||||
|
#include <sys/mman.h>
|
||||||
|
|
||||||
#define PASSWD_LEN 256
|
#define PASSWD_LEN 256
|
||||||
|
|
||||||
|
@ -858,6 +859,9 @@ lokker_lock(void)
|
||||||
}
|
}
|
||||||
edd = E_NEW(Lokker_Data, 1);
|
edd = E_NEW(Lokker_Data, 1);
|
||||||
if (!edd) return EINA_FALSE;
|
if (!edd) return EINA_FALSE;
|
||||||
|
#ifdef HAVE_MLOCK
|
||||||
|
mlock(edd, sizeof(Lokker_Data));
|
||||||
|
#endif
|
||||||
|
|
||||||
E_LIST_FOREACH(e_comp->zones, _lokker_popup_add);
|
E_LIST_FOREACH(e_comp->zones, _lokker_popup_add);
|
||||||
total_zone_num = eina_list_count(e_comp->zones);
|
total_zone_num = eina_list_count(e_comp->zones);
|
||||||
|
@ -881,5 +885,8 @@ lokker_unlock(void)
|
||||||
E_FREE_LIST(edd->handlers, ecore_event_handler_del);
|
E_FREE_LIST(edd->handlers, ecore_event_handler_del);
|
||||||
if (edd->move_handler) ecore_event_handler_del(edd->move_handler);
|
if (edd->move_handler) ecore_event_handler_del(edd->move_handler);
|
||||||
|
|
||||||
|
#ifdef HAVE_MLOCK
|
||||||
|
munlock(edd, sizeof(Lokker_Data));
|
||||||
|
#endif
|
||||||
E_FREE(edd);
|
E_FREE(edd);
|
||||||
}
|
}
|
||||||
|
|
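Review bot: In `lokker_unlock` the new `munlock(edd, sizeof(Lokker_Data))` is followed directly by `E_FREE(edd)`, and nothing in the hunk clears the structure first. Going by the commit message, `edd` holds the password memory, so any bytes still in it go back to the allocator in pages that are no longer locked. If the buffer is not already wiped earlier in the function (its start is outside the hunk), clear it with `e_util_memclear` before the `munlock` call. `mlock` also works on whole pages, so the `munlock` here can unlock pages that another locked allocation shares. Separately, `#include <sys/mman.h>` is added unconditionally while the calls are guarded by `HAVE_MLOCK`; guarding the include the same way keeps builds working where the header is absent.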