diff options
author | Jakob Unterwurzacher | 2018-02-18 15:33:35 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2018-02-18 15:36:14 +0100 |
commit | adf7d75d31889e2dbd52c15efdecf3a8304c0bc1 (patch) | |
tree | 98d42397b506c5d05bdfd1bb4155b3907f45c40a | |
parent | 2cf050d69e9cab45015619e48ea96993129bab44 (diff) |
main: changePassword: zero masterkey
Overwrite the masterkey with zeros once we
have encrypted it, and let it run out of scope.
Also get rid of the password duplicate in
readpassword.Twice.
-rw-r--r-- | internal/readpassword/read.go | 4 | ||||
-rw-r--r-- | main.go | 19 |
2 files changed, 17 insertions, 6 deletions
diff --git a/internal/readpassword/read.go b/internal/readpassword/read.go index 047eba9..e2fce8a 100644 --- a/internal/readpassword/read.go +++ b/internal/readpassword/read.go @@ -49,6 +49,10 @@ func Twice(extpass string) []byte { tlog.Fatal.Println("Passwords do not match") os.Exit(exitcodes.ReadPassword) } + // Wipe the password duplicate from memory + for i := range p2 { + p2[i] = 0 + } return p1 } @@ -61,20 +61,27 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf } // changePassword - change the password of config file "filename" +// Does not return (calls os.Exit both on success and on error). func changePassword(args *argContainer) { - masterkey, confFile, err := loadConfig(args) - if err != nil { - exitcodes.Exit(err) - } - tlog.Info.Println("Please enter your new password.") + var confFile *configfile.ConfFile + var err error { + var masterkey []byte + masterkey, confFile, err = loadConfig(args) + if err != nil { + exitcodes.Exit(err) + } + tlog.Info.Println("Please enter your new password.") newPw := readpassword.Twice(args.extpass) readpassword.CheckTrailingGarbage() confFile.EncryptKey(masterkey, newPw, confFile.ScryptObject.LogN()) for i := range newPw { newPw[i] = 0 } - // newPw runs out of scope here + for i := range masterkey { + masterkey[i] = 0 + } + // masterkey and newPw run out of scope here } // Are we resetting the password without knowing the old one using // "-masterkey"? |