summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--internal/readpassword/read.go4
-rw-r--r--main.go19
2 files changed, 17 insertions, 6 deletions
diff --git a/internal/readpassword/read.go b/internal/readpassword/read.go
index 047eba9..e2fce8a 100644
--- a/internal/readpassword/read.go
+++ b/internal/readpassword/read.go
@@ -49,6 +49,10 @@ func Twice(extpass string) []byte {
tlog.Fatal.Println("Passwords do not match")
os.Exit(exitcodes.ReadPassword)
}
+ // Wipe the password duplicate from memory
+ for i := range p2 {
+ p2[i] = 0
+ }
return p1
}
diff --git a/main.go b/main.go
index ddb4f4e..1e1de11 100644
--- a/main.go
+++ b/main.go
@@ -61,20 +61,27 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
}
// changePassword - change the password of config file "filename"
+// Does not return (calls os.Exit both on success and on error).
func changePassword(args *argContainer) {
- masterkey, confFile, err := loadConfig(args)
- if err != nil {
- exitcodes.Exit(err)
- }
- tlog.Info.Println("Please enter your new password.")
+ var confFile *configfile.ConfFile
+ var err error
{
+ var masterkey []byte
+ masterkey, confFile, err = loadConfig(args)
+ if err != nil {
+ exitcodes.Exit(err)
+ }
+ tlog.Info.Println("Please enter your new password.")
newPw := readpassword.Twice(args.extpass)
readpassword.CheckTrailingGarbage()
confFile.EncryptKey(masterkey, newPw, confFile.ScryptObject.LogN())
for i := range newPw {
newPw[i] = 0
}
- // newPw runs out of scope here
+ for i := range masterkey {
+ masterkey[i] = 0
+ }
+ // masterkey and newPw run out of scope here
}
// Are we resetting the password without knowing the old one using
// "-masterkey"?