main: changePassword: zero masterkey
Overwrite the masterkey with zeros once we have encrypted it, and let it run out of scope. Also get rid of the password duplicate in readpassword.Twice.
This commit is contained in:
parent
2cf050d69e
commit
adf7d75d31
@ -49,6 +49,10 @@ func Twice(extpass string) []byte {
|
||||
tlog.Fatal.Println("Passwords do not match")
|
||||
os.Exit(exitcodes.ReadPassword)
|
||||
}
|
||||
// Wipe the password duplicate from memory
|
||||
for i := range p2 {
|
||||
p2[i] = 0
|
||||
}
|
||||
return p1
|
||||
}
|
||||
|
||||
|
13
main.go
13
main.go
@ -61,20 +61,27 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
|
||||
}
|
||||
|
||||
// changePassword - change the password of config file "filename"
|
||||
// Does not return (calls os.Exit both on success and on error).
|
||||
func changePassword(args *argContainer) {
|
||||
masterkey, confFile, err := loadConfig(args)
|
||||
var confFile *configfile.ConfFile
|
||||
var err error
|
||||
{
|
||||
var masterkey []byte
|
||||
masterkey, confFile, err = loadConfig(args)
|
||||
if err != nil {
|
||||
exitcodes.Exit(err)
|
||||
}
|
||||
tlog.Info.Println("Please enter your new password.")
|
||||
{
|
||||
newPw := readpassword.Twice(args.extpass)
|
||||
readpassword.CheckTrailingGarbage()
|
||||
confFile.EncryptKey(masterkey, newPw, confFile.ScryptObject.LogN())
|
||||
for i := range newPw {
|
||||
newPw[i] = 0
|
||||
}
|
||||
// newPw runs out of scope here
|
||||
for i := range masterkey {
|
||||
masterkey[i] = 0
|
||||
}
|
||||
// masterkey and newPw run out of scope here
|
||||
}
|
||||
// Are we resetting the password without knowing the old one using
|
||||
// "-masterkey"?
|
||||
|
Loading…
Reference in New Issue
Block a user