main: zero password once we are done with it

Overwrite the password we have got from the user
with zeros once we don't need it anymore, and make
sure the variable runs out of scope.
This commit is contained in:
Jakob Unterwurzacher 2018-02-18 15:22:22 +01:00
parent 3b8f5cbb17
commit 2cf050d69e
3 changed files with 18 additions and 5 deletions

View File

@ -67,6 +67,9 @@ func dumpMasterKey(fn string) {
exitcodes.Exit(err)
}
fmt.Println(hex.EncodeToString(masterkey))
for i := range pw {
pw[i] = 0
}
}
func inspectCiphertext(fd *os.File) {

View File

@ -45,8 +45,9 @@ func initDir(args *argContainer) {
tlog.Fatal.Println(err)
os.Exit(exitcodes.WriteConf)
}
// Note: cannot overwrite password because in Go, strings are
// read-only byte slices.
for i := range password {
password[i] = 0
}
// password runs out of scope here
}
// Forward mode with filename encryption enabled needs a gocryptfs.diriv

View File

@ -49,6 +49,9 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
pw := readpassword.Once(args.extpass)
tlog.Info.Println("Decrypting master key")
masterkey, confFile, err = configfile.LoadConfFile(args.config, pw)
for i := range pw {
pw[i] = 0
}
}
if err != nil {
tlog.Fatal.Println(err)
@ -64,9 +67,15 @@ func changePassword(args *argContainer) {
exitcodes.Exit(err)
}
tlog.Info.Println("Please enter your new password.")
{
newPw := readpassword.Twice(args.extpass)
readpassword.CheckTrailingGarbage()
confFile.EncryptKey(masterkey, newPw, confFile.ScryptObject.LogN())
for i := range newPw {
newPw[i] = 0
}
// newPw runs out of scope here
}
// Are we resetting the password without knowing the old one using
// "-masterkey"?
if args.masterkey != "" {