main: zero password once we are done with it

Overwrite the password we have got from the user with zeros once we don't need it anymore, and make sure the variable runs out of scope.
author: Jakob Unterwurzacher 2018-02-18 15:22:22 +0100
committer: Jakob Unterwurzacher 2018-02-18 15:22:22 +0100
commit: 2cf050d69e9cab45015619e48ea96993129bab44 (patch)
tree: 097ed3e3da99be30861614804e1e886dff15b76f /main.go
parent: 3b8f5cbb17c964224456bb36b096feafb0e24f44 (diff)
1 files changed, 12 insertions, 3 deletions
diff --git a/main.go b/main.go
index ed5784f..ddb4f4e 100644
--- a/main.go
+++ b/main.go
@@ -49,6 +49,9 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
 		pw := readpassword.Once(args.extpass)
 		tlog.Info.Println("Decrypting master key")
 		masterkey, confFile, err = configfile.LoadConfFile(args.config, pw)
+		for i := range pw {
+			pw[i] = 0
+		}
 	}
 	if err != nil {
 		tlog.Fatal.Println(err)
@@ -64,9 +67,15 @@ func changePassword(args *argContainer) {
 		exitcodes.Exit(err)
 	}
 	tlog.Info.Println("Please enter your new password.")
-	newPw := readpassword.Twice(args.extpass)
-	readpassword.CheckTrailingGarbage()
-	confFile.EncryptKey(masterkey, newPw, confFile.ScryptObject.LogN())
+	{
+		newPw := readpassword.Twice(args.extpass)
+		readpassword.CheckTrailingGarbage()
+		confFile.EncryptKey(masterkey, newPw, confFile.ScryptObject.LogN())
+		for i := range newPw {
+			newPw[i] = 0
+		}
+		// newPw runs out of scope here
+	}
 	// Are we resetting the password without knowing the old one using
 	// "-masterkey"?
 	if args.masterkey != "" {
author	Jakob Unterwurzacher	2018-02-18 15:22:22 +0100
committer	Jakob Unterwurzacher	2018-02-18 15:22:22 +0100
commit	2cf050d69e9cab45015619e48ea96993129bab44 (patch)
tree	097ed3e3da99be30861614804e1e886dff15b76f /main.go
parent	3b8f5cbb17c964224456bb36b096feafb0e24f44 (diff)