main: changePassword: zero masterkey

Overwrite the masterkey with zeros once we have encrypted it, and let it run out of scope. Also get rid of the password duplicate in readpassword.Twice.
2018-02-18 15:33:35 +01:00 · 2018-02-18 15:33:35 +01:00 · adf7d75d31
parent 2cf050d69e
commit adf7d75d31
2 changed files with 17 additions and 6 deletions
--- a/internal/readpassword/read.go
+++ b/internal/readpassword/read.go
@ -49,6 +49,10 @@ func Twice(extpass string) []byte {
 		tlog.Fatal.Println("Passwords do not match")
 		os.Exit(exitcodes.ReadPassword)
 	}
+	// Wipe the password duplicate from memory
+	for i := range p2 {
+		p2[i] = 0
+	}
 	return p1
 }

--- a/main.go
+++ b/main.go
@ -61,20 +61,27 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
 }

 // changePassword - change the password of config file "filename"
+// Does not return (calls os.Exit both on success and on error).
 func changePassword(args *argContainer) {
-	masterkey, confFile, err := loadConfig(args)
-	if err != nil {
-		exitcodes.Exit(err)
-	}
-	tlog.Info.Println("Please enter your new password.")
+	var confFile *configfile.ConfFile
+	var err error
 	{
+		var masterkey []byte
+		masterkey, confFile, err = loadConfig(args)
+		if err != nil {
+			exitcodes.Exit(err)
+		}
+		tlog.Info.Println("Please enter your new password.")
 		newPw := readpassword.Twice(args.extpass)
 		readpassword.CheckTrailingGarbage()
 		confFile.EncryptKey(masterkey, newPw, confFile.ScryptObject.LogN())
 		for i := range newPw {
 			newPw[i] = 0
 		}
-		// newPw runs out of scope here
+		for i := range masterkey {
+			masterkey[i] = 0
+		}
+		// masterkey and newPw run out of scope here
 	}
 	// Are we resetting the password without knowing the old one using
 	// "-masterkey"?