[PATCH v2 11/16] contrib/git-credential-gnome-keyring.c: use secure memory for reading passwords

Mon, 23 Sep 2013 12:00:17 -0700 

From: Brandon Casey <draf...@gmail.com>

gnome-keyring provides functions to allocate non-pageable memory (if
possible).  Let's use them to allocate memory that may be used to hold
secure data read from the keyring.

Signed-off-by: Brandon Casey <draf...@gmail.com>
---
 .../credential/gnome-keyring/git-credential-gnome-keyring.c  | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c 
b/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c
index d8a7038..5e79669 100644
--- a/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c
+++ b/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c
@@ -289,12 +289,14 @@ static void credential_clear(struct credential *c)
 
 static int credential_read(struct credential *c)
 {
-       char    buf[1024];
+       char    *buf;
        size_t line_len;
-       char   *key      = buf;
+       char   *key;
        char   *value;
 
-       while (fgets(buf, sizeof(buf), stdin))
+       key = buf = gnome_keyring_memory_alloc(1024);
+
+       while (fgets(buf, 1024, stdin))
        {
                line_len = strlen(buf);
 
@@ -307,6 +309,7 @@ static int credential_read(struct credential *c)
                value = strchr(buf,'=');
                if (!value) {
                        warning("invalid credential line: %s", key);
+                       gnome_keyring_memory_free(buf);
                        return -1;
                }
                *value++ = '\0';
@@ -339,6 +342,9 @@ static int credential_read(struct credential *c)
                 * learn new lines, and the helpers are updated to match.
                 */
        }
+
+       gnome_keyring_memory_free(buf);
+
        return 0;
 }
 
-- 
1.8.4.rc4.6.g5555d19


-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may 
contain
confidential information.  Any unauthorized review, use, disclosure or 
distribution
is prohibited.  If you are not the intended recipient, please contact the 
sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to