From 3b8f5cbb17c964224456bb36b096feafb0e24f44 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 18 Feb 2018 14:26:54 +0100 Subject: readpassword: convert from string to []byte This will allows us to overwrite the password with zeros once we are done with it. https://github.com/rfjakob/gocryptfs/issues/211 --- internal/readpassword/extpass_test.go | 8 +++++--- internal/readpassword/read.go | 19 ++++++++++--------- internal/readpassword/stdin_test.go | 4 ++-- 3 files changed, 17 insertions(+), 14 deletions(-) (limited to 'internal/readpassword') diff --git a/internal/readpassword/extpass_test.go b/internal/readpassword/extpass_test.go index 4af775a..cdfea4e 100644 --- a/internal/readpassword/extpass_test.go +++ b/internal/readpassword/extpass_test.go @@ -8,6 +8,8 @@ import ( "github.com/rfjakob/gocryptfs/internal/tlog" ) +var testPw = []byte("test") + func TestMain(m *testing.M) { // Shut up info output tlog.Info.Enabled = false @@ -16,7 +18,7 @@ func TestMain(m *testing.M) { func TestExtpass(t *testing.T) { p1 := "ads2q4tw41reg52" - p2 := readPasswordExtpass("echo " + p1) + p2 := string(readPasswordExtpass("echo " + p1)) if p1 != p2 { t.Errorf("p1=%q != p2=%q", p1, p2) } @@ -24,7 +26,7 @@ func TestExtpass(t *testing.T) { func TestOnceExtpass(t *testing.T) { p1 := "lkadsf0923rdfi48rqwhdsf" - p2 := Once("echo " + p1) + p2 := string(Once("echo " + p1)) if p1 != p2 { t.Errorf("p1=%q != p2=%q", p1, p2) } @@ -32,7 +34,7 @@ func TestOnceExtpass(t *testing.T) { func TestTwiceExtpass(t *testing.T) { p1 := "w5w44t3wfe45srz434" - p2 := Once("echo " + p1) + p2 := string(Once("echo " + p1)) if p1 != p2 { t.Errorf("p1=%q != p2=%q", p1, p2) } diff --git a/internal/readpassword/read.go b/internal/readpassword/read.go index 481911b..047eba9 100644 --- a/internal/readpassword/read.go +++ b/internal/readpassword/read.go @@ -2,6 +2,7 @@ package readpassword import ( + "bytes" "fmt" "io" "os" @@ -23,7 +24,7 @@ const ( // Once tries to get a password from the user, either from the terminal, extpass // or stdin. -func Once(extpass string) string { +func Once(extpass string) []byte { if extpass != "" { return readPasswordExtpass(extpass) } @@ -35,7 +36,7 @@ func Once(extpass string) string { // Twice is the same as Once but will prompt twice if we get the password from // the terminal. -func Twice(extpass string) string { +func Twice(extpass string) []byte { if extpass != "" { return readPasswordExtpass(extpass) } @@ -44,7 +45,7 @@ func Twice(extpass string) string { } p1 := readPasswordTerminal("Password: ") p2 := readPasswordTerminal("Repeat: ") - if p1 != p2 { + if !bytes.Equal(p1, p2) { tlog.Fatal.Println("Passwords do not match") os.Exit(exitcodes.ReadPassword) } @@ -53,7 +54,7 @@ func Twice(extpass string) string { // readPasswordTerminal reads a line from the terminal. // Exits on read error or empty result. -func readPasswordTerminal(prompt string) string { +func readPasswordTerminal(prompt string) []byte { fd := int(os.Stdin.Fd()) fmt.Fprintf(os.Stderr, prompt) // terminal.ReadPassword removes the trailing newline @@ -67,12 +68,12 @@ func readPasswordTerminal(prompt string) string { tlog.Fatal.Println("Password is empty") os.Exit(exitcodes.PasswordEmpty) } - return string(p) + return p } // readPasswordStdin reads a line from stdin. // It exits with a fatal error on read error or empty result. -func readPasswordStdin() string { +func readPasswordStdin() []byte { tlog.Info.Println("Reading password from stdin") p := readLineUnbuffered(os.Stdin) if len(p) == 0 { @@ -85,7 +86,7 @@ func readPasswordStdin() string { // readPasswordExtpass executes the "extpass" program and returns the first line // of the output. // Exits on read error or empty result. -func readPasswordExtpass(extpass string) string { +func readPasswordExtpass(extpass string) []byte { tlog.Info.Println("Reading password from extpass program") var parts []string // The option "-passfile=FILE" gets transformed to @@ -125,7 +126,7 @@ func readPasswordExtpass(extpass string) string { // readLineUnbuffered reads single bytes from "r" util it gets "\n" or EOF. // The returned string does NOT contain the trailing "\n". -func readLineUnbuffered(r io.Reader) (l string) { +func readLineUnbuffered(r io.Reader) (l []byte) { b := make([]byte, 1) for { if len(l) > maxPasswordLen { @@ -146,7 +147,7 @@ func readLineUnbuffered(r io.Reader) (l string) { if b[0] == '\n' { return l } - l = l + string(b) + l = append(l, b...) } } diff --git a/internal/readpassword/stdin_test.go b/internal/readpassword/stdin_test.go index 2d9f93f..8cf9954 100644 --- a/internal/readpassword/stdin_test.go +++ b/internal/readpassword/stdin_test.go @@ -11,7 +11,7 @@ import ( func TestStdin(t *testing.T) { p1 := "g55434t55wef" if os.Getenv("TEST_SLAVE") == "1" { - p2 := readPasswordStdin() + p2 := string(readPasswordStdin()) if p1 != p2 { fmt.Fprintf(os.Stderr, "%q != %q", p1, p2) os.Exit(1) @@ -44,7 +44,7 @@ func TestStdin(t *testing.T) { func TestStdinEof(t *testing.T) { p1 := "asd45as5f4a36" if os.Getenv("TEST_SLAVE") == "1" { - p2 := readPasswordStdin() + p2 := string(readPasswordStdin()) if p1 != p2 { fmt.Fprintf(os.Stderr, "%q != %q", p1, p2) os.Exit(1) -- cgit v1.2.3