From 29e7a206cd70c72823d27c2e5f5db3b55a41e28d Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 2 Mar 2017 15:57:01 +0100 Subject: share memory for passphrase and askpass answer --- udev/ykfde.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/udev/ykfde.c b/udev/ykfde.c index 1e1061f..98ca946 100644 --- a/udev/ykfde.c +++ b/udev/ykfde.c @@ -116,16 +116,17 @@ static int try_answer(const unsigned int serial, uint8_t slot, const char * ask_ const char * ask_message, * ask_socket; int fd_askpass; char response[RESPONSELEN], - passphrase[PASSPHRASELEN + 1], - passphrase_askpass[PASSPHRASELEN + 2]; + askpass[PASSPHRASELEN + 2]; + char * passphrase = askpass + 1; /* keyutils */ key_serial_t key; void * payload = NULL; size_t plen; memset(response, 0, RESPONSELEN); - memset(passphrase, 0, PASSPHRASELEN + 1); - memset(passphrase_askpass, 0, PASSPHRASELEN + 2); + memset(askpass, 0, PASSPHRASELEN + 2); + + *askpass = '+'; /* get second factor from key store * if this fails it is not critical... possibly we just do not @@ -197,14 +198,12 @@ static int try_answer(const unsigned int serial, uint8_t slot, const char * ask_ goto out3; } - sprintf(passphrase_askpass, "+%s", passphrase); - if ((fd_askpass = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0)) < 0) { perror("socket() failed"); goto out3; } - if (send_on_socket(fd_askpass, ask_socket, passphrase_askpass, PASSPHRASELEN + 1) < 0) { + if (send_on_socket(fd_askpass, ask_socket, askpass, PASSPHRASELEN + 1) < 0) { perror("send_on_socket() failed"); goto out4; } @@ -226,8 +225,7 @@ out2: out1: /* wipe response (cleartext password!) from memory */ memset(response, 0, RESPONSELEN); - memset(passphrase, 0, PASSPHRASELEN + 1); - memset(passphrase_askpass, 0, PASSPHRASELEN + 2); + memset(askpass, 0, PASSPHRASELEN + 2); return rc; } -- cgit v1.2.3-54-g00ecf