From 14c063428dcded6a1060395bb45bf7bd5d185738 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 18 Feb 2018 12:55:20 +0100 Subject: main: doMount: use a deferred function for wipeKeys Also drop the unused int return. --- main.go | 8 ++------ mount.go | 9 ++++----- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/main.go b/main.go index acaa205..797701a 100644 --- a/main.go +++ b/main.go @@ -267,10 +267,6 @@ func main() { tlog.Fatal.Printf("Usage: %s [OPTIONS] CIPHERDIR MOUNTPOINT [-o COMMA-SEPARATED-OPTIONS]", tlog.ProgramName) os.Exit(exitcodes.Usage) } - ret := doMount(&args) - if ret != 0 { - os.Exit(ret) - } - // Don't call os.Exit on success to give deferred functions a chance to - // run + doMount(&args) + // Don't call os.Exit to give deferred functions a chance to run } diff --git a/mount.go b/mount.go index c19d684..9560efe 100644 --- a/mount.go +++ b/mount.go @@ -35,7 +35,7 @@ import ( // doMount mounts an encrypted directory. // Called from main. -func doMount(args *argContainer) int { +func doMount(args *argContainer) { // Check mountpoint var err error args.mountpoint, err = filepath.Abs(flagSet.Arg(1)) @@ -95,7 +95,6 @@ func doMount(args *argContainer) int { } var confFile *configfile.ConfFile var srv *fuse.Server - var wipeKeys func() { // Get master key (may prompt for the password) var masterkey []byte @@ -126,7 +125,10 @@ func doMount(args *argContainer) int { // We cannot use JSON for pretty-printing as the fields are unexported tlog.Debug.Printf("cli args: %#v", args) // Initialize FUSE server + var wipeKeys func() srv, wipeKeys = initFuseFrontend(masterkey, args, confFile) + // Try to wipe secrect keys from memory after unmount + defer wipeKeys() // fusefrontend / fusefrontend_reverse have initialized their crypto, // we can purge the master key from memory. for i := range masterkey { @@ -172,9 +174,6 @@ func doMount(args *argContainer) int { debug.FreeOSMemory() // Jump into server loop. Returns when it gets an umount request from the kernel. srv.Serve() - // Try to wipe secrect keys from memory - wipeKeys() - return 0 } // setOpenFileLimit tries to increase the open file limit to 4096 (the default hard -- cgit v1.2.3