-rw-r--r-- | udev/ykfde.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/udev/ykfde.c b/udev/ykfde.c
index 1e1061f..98ca946 100644
--- a/udev/ykfde.c
+++ b/udev/ykfde.c
@@ -116,16 +116,17 @@ static int try_answer(const unsigned int serial, uint8_t slot, const char * ask_
 const char * ask_message, * ask_socket;
 int fd_askpass;
 char response[RESPONSELEN],
- passphrase[PASSPHRASELEN + 1],
- passphrase_askpass[PASSPHRASELEN + 2];
+ askpass[PASSPHRASELEN + 2];
+ char * passphrase = askpass + 1;
 /* keyutils */
 key_serial_t key;
 void * payload = NULL;
 size_t plen;
 
 memset(response, 0, RESPONSELEN);
- memset(passphrase, 0, PASSPHRASELEN + 1);
- memset(passphrase_askpass, 0, PASSPHRASELEN + 2);
+ memset(askpass, 0, PASSPHRASELEN + 2);
+
+ *askpass = '+';
 
 /* get second factor from key store
 * if this fails it is not critical... possibly we just do not
@@ -197,14 +198,12 @@ static int try_answer(const unsigned int serial, uint8_t slot, const char * ask_
 goto out3;
 }
 
- sprintf(passphrase_askpass, "+%s", passphrase);
-
 if ((fd_askpass = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0)) < 0) {
 perror("socket() failed");
 goto out3;
 }
 
- if (send_on_socket(fd_askpass, ask_socket, passphrase_askpass, PASSPHRASELEN + 1) < 0) {
+ if (send_on_socket(fd_askpass, ask_socket, askpass, PASSPHRASELEN + 1) < 0) {
 perror("send_on_socket() failed");
 goto out4;
 }
@@ -226,8 +225,7 @@ out2:
 out1:
 /* wipe response (cleartext password!) from memory */
 memset(response, 0, RESPONSELEN);
- memset(passphrase, 0, PASSPHRASELEN + 1);
- memset(passphrase_askpass, 0, PASSPHRASELEN + 2);
+ memset(askpass, 0, PASSPHRASELEN + 2);
 
 return rc;
 }
|
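Review bot: In the first hunk, changing `passphrase` from an array to `char * passphrase = askpass + 1;` means any `sizeof(passphrase)` in try_answer() now yields the size of a pointer instead of PASSPHRASELEN + 1. The code between the hunks that fills `passphrase` is not visible here, so it should be checked for size expressions that relied on the array type. The shared layout is also worth a comment at the declaration, for example `/* askpass: '+' prefix, PASSPHRASELEN passphrase bytes, terminating NUL; passphrase aliases askpass + 1 */`. Writing the clear as `memset(askpass, 0, sizeof(askpass));` would tie the length to the declaration instead of repeating `PASSPHRASELEN + 2`.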
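Review bot: In the last hunk, the wipe under `out1:` uses plain `memset()` on locals that are not read again before `return rc;`, so an optimising compiler may drop it as a dead store and leave the cleartext passphrase on the stack. This affects the new `memset(askpass, 0, PASSPHRASELEN + 2);` and the existing `memset(response, 0, RESPONSELEN);` alike. Where the target libc provides it, `explicit_bzero(askpass, sizeof(askpass));` and `explicit_bzero(response, sizeof(response));` keep the wipe in place. The function begins outside this hunk, so whether every early return also reaches `out1:` cannot be confirmed from here.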