From 5b5c7a0a5d73859f74d2151061593ba2f9f9cac7 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 18 Feb 2018 12:42:22 +0100
Subject: main: overwrite keys and let them run out of scope

As soon as we don't need them anymore, overwrite
keys with zeros. Make sure they run out of scope
so we don't create a risk of inadvertedly using
all-zero keys for encryption.

https://github.com/rfjakob/gocryptfs/issues/211
---
 init_dir.go | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

(limited to 'init_dir.go')

diff --git a/init_dir.go b/init_dir.go
index 791f7d1..b13f741 100644
--- a/init_dir.go
+++ b/init_dir.go
@@ -36,13 +36,18 @@ func initDir(args *argContainer) {
 	if args.extpass == "" {
 		tlog.Info.Printf("Choose a password for protecting your files.")
 	}
-	password := readpassword.Twice(args.extpass)
-	readpassword.CheckTrailingGarbage()
-	creator := tlog.ProgramName + " " + GitVersion
-	err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
-	if err != nil {
-		tlog.Fatal.Println(err)
-		os.Exit(exitcodes.WriteConf)
+	{
+		creator := tlog.ProgramName + " " + GitVersion
+		password := readpassword.Twice(args.extpass)
+		readpassword.CheckTrailingGarbage()
+		err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
+		if err != nil {
+			tlog.Fatal.Println(err)
+			os.Exit(exitcodes.WriteConf)
+		}
+		// Note: cannot overwrite password because in Go, strings are
+		// read-only byte slices.
+		// password runs out of scope here
 	}
 	// Forward mode with filename encryption enabled needs a gocryptfs.diriv
 	// in the root dir
-- 
cgit v1.2.3