From 3377379f33597c6d8443ed3b0431f0ddee21890e Mon Sep 17 00:00:00 2001 From: Michael Ortmann <41313082+michaelortmann@users.noreply.github.com> Date: Thu, 16 Jul 2020 23:34:06 +0200 Subject: [PATCH 1/4] Use explicit_bzero() if available --- comm.c | 2 +- include/swaylock.h | 7 ++++++- meson.build | 4 ++++ pam.c | 4 ++-- password.c | 15 ++++++--------- shadow.c | 8 ++++---- 6 files changed, 23 insertions(+), 17 deletions(-) diff --git a/comm.c b/comm.c index 7855a7f39..700dbaff0 100644 --- a/comm.c +++ b/comm.c @@ -91,7 +91,7 @@ bool write_comm_request(struct swaylock_password *pw) { result = true; out: - clear_password_buffer(pw); + explicit_bzero(pw, sizeof *pw); return result; } diff --git a/include/swaylock.h b/include/swaylock.h index 3993fe5aa..fc3a619e1 100644 --- a/include/swaylock.h +++ b/include/swaylock.h @@ -2,6 +2,12 @@ #define _SWAYLOCK_H #include #include +#ifdef HAVE_EXPLICIT_BZERO +#include +#include +#else +void explicit_bzero(void *buf, size_t size); +#endif #include #include "background-image.h" #include "cairo.h" @@ -133,6 +139,5 @@ void schedule_indicator_clear(struct swaylock_state *state); void initialize_pw_backend(int argc, char **argv); void run_pw_backend_child(void); -void clear_buffer(char *buf, size_t size); #endif diff --git a/meson.build b/meson.build index 62c188aa6..f8b3de9fb 100644 --- a/meson.build +++ b/meson.build @@ -110,6 +110,10 @@ client_protos = declare_dependency( conf_data = configuration_data() conf_data.set10('HAVE_GDK_PIXBUF', gdk_pixbuf.found()) +if cc.has_function('explicit_bzero') + conf_data.set('HAVE_EXPLICIT_BZERO', 1) +endif + subdir('include') dependencies = [ diff --git a/pam.c b/pam.c index 0adc9c649..9ea3a0206 100644 --- a/pam.c +++ b/pam.c @@ -103,11 +103,11 @@ void run_pw_backend_child(void) { } if (!write_comm_reply(success)) { - clear_buffer(pw_buf, size); + explicit_bzero(pw_buf, size); exit(EXIT_FAILURE); } - clear_buffer(pw_buf, size); + explicit_bzero(pw_buf, size); free(pw_buf); pw_buf = NULL; } diff --git a/password.c b/password.c index e1a1d9a2c..d597942aa 100644 --- a/password.c +++ b/password.c @@ -12,7 +12,8 @@ #include "swaylock.h" #include "unicode.h" -void clear_buffer(char *buf, size_t size) { +#ifndef HAVE_EXPLICIT_BZERO +void explicit_bzero(void *buf, size_t size) { // Use volatile keyword so so compiler can't optimize this out. volatile char *buffer = buf; volatile char zero = '\0'; @@ -20,11 +21,7 @@ void clear_buffer(char *buf, size_t size) { buffer[i] = zero; } } - -void clear_password_buffer(struct swaylock_password *pw) { - clear_buffer(pw->buffer, sizeof(pw->buffer)); - pw->len = 0; -} +#endif static bool backspace(struct swaylock_password *pw) { if (pw->len != 0) { @@ -64,7 +61,7 @@ static void clear_password(void *data) { struct swaylock_state *state = data; state->clear_password_timer = NULL; state->auth_state = AUTH_STATE_CLEAR; - clear_password_buffer(&state->password); + explicit_bzero(&state->password, sizeof state->password); damage_state(state); schedule_indicator_clear(state); } @@ -116,7 +113,7 @@ void swaylock_handle_key(struct swaylock_state *state, schedule_password_clear(state); break; case XKB_KEY_Escape: - clear_password_buffer(&state->password); + explicit_bzero(&state->password, sizeof state->password); state->auth_state = AUTH_STATE_CLEAR; damage_state(state); schedule_indicator_clear(state); @@ -148,7 +145,7 @@ void swaylock_handle_key(struct swaylock_state *state, case XKB_KEY_c: /* fallthrough */ case XKB_KEY_u: if (state->xkb.control) { - clear_password_buffer(&state->password); + explicit_bzero(&state->password, sizeof state->password); state->auth_state = AUTH_STATE_CLEAR; damage_state(state); schedule_indicator_clear(state); diff --git a/shadow.c b/shadow.c index 0c474e611..d05f9358c 100644 --- a/shadow.c +++ b/shadow.c @@ -83,24 +83,24 @@ void run_pw_backend_child(void) { char *c = crypt(buf, encpw); if (c == NULL) { swaylock_log_errno(LOG_ERROR, "crypt failed"); - clear_buffer(buf, size); + explicit_bzero(buf, size); exit(EXIT_FAILURE); } bool success = strcmp(c, encpw) == 0; if (!write_comm_reply(success)) { - clear_buffer(buf, size); + explicit_bzero(buf, size); exit(EXIT_FAILURE); } // We don't want to keep it in memory longer than necessary, // so clear *before* sleeping. - clear_buffer(buf, size); + explicit_bzero(buf, size); free(buf); sleep(2); } - clear_buffer(encpw, strlen(encpw)); + explicit_bzero(encpw, strlen(encpw)); exit(EXIT_SUCCESS); } \ No newline at end of file From d40fdf5f153044553a15235db4477f38742cbe6b Mon Sep 17 00:00:00 2001 From: Michael Ortmann <41313082+michaelortmann@users.noreply.github.com> Date: Thu, 30 Jul 2020 23:04:07 +0200 Subject: [PATCH 2/4] parentheses around sizeof --- comm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/comm.c b/comm.c index 700dbaff0..49c829116 100644 --- a/comm.c +++ b/comm.c @@ -91,7 +91,7 @@ bool write_comm_request(struct swaylock_password *pw) { result = true; out: - explicit_bzero(pw, sizeof *pw); + explicit_bzero(pw, sizeof(*pw)); return result; } From 30a615a7a70b31823dadbd1764ece3f47594718d Mon Sep 17 00:00:00 2001 From: Michael Ortmann <41313082+michaelortmann@users.noreply.github.com> Date: Fri, 31 Jul 2020 18:38:01 +0200 Subject: [PATCH 3/4] conf_data.set() -> conf_data.set10() --- meson.build | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/meson.build b/meson.build index f8b3de9fb..d0ba7ee14 100644 --- a/meson.build +++ b/meson.build @@ -109,10 +109,7 @@ client_protos = declare_dependency( conf_data = configuration_data() conf_data.set10('HAVE_GDK_PIXBUF', gdk_pixbuf.found()) - -if cc.has_function('explicit_bzero') - conf_data.set('HAVE_EXPLICIT_BZERO', 1) -endif +conf_data.set10('HAVE_EXPLICIT_BZERO', cc.has_function('explicit_bzero')) subdir('include') From 8df84771bd50dba432f1f2bb6537ca28be96f47d Mon Sep 17 00:00:00 2001 From: Michael Ortmann <41313082+michaelortmann@users.noreply.github.com> Date: Sat, 8 Aug 2020 00:56:33 +0200 Subject: [PATCH 4/4] add prefix --- meson.build | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index d0ba7ee14..377c3fe1b 100644 --- a/meson.build +++ b/meson.build @@ -109,7 +109,10 @@ client_protos = declare_dependency( conf_data = configuration_data() conf_data.set10('HAVE_GDK_PIXBUF', gdk_pixbuf.found()) -conf_data.set10('HAVE_EXPLICIT_BZERO', cc.has_function('explicit_bzero')) + +conf_data.set10('HAVE_EXPLICIT_BZERO', cc.has_function('explicit_bzero', prefix : '''#include +#include +#include ''', args : '-D_GNU_SOURCE')) subdir('include')