diff options
author | Sören Tempel <soeren+git@soeren-tempel.net> | 2016-08-17 00:07:21 +0200 |
---|---|---|
committer | Sören Tempel <soeren+git@soeren-tempel.net> | 2016-08-17 00:07:21 +0200 |
commit | 03a9fe9ad4ab48b474a171cc4759ea439e0bf480 (patch) | |
tree | fe51979617e0fac3a35bd615c703cfa1e7bdfd33 /testing | |
parent | e0375705834522103494d42d82f36e113cbb4836 (diff) | |
download | aports-03a9fe9ad4ab48b474a171cc4759ea439e0bf480.tar.bz2 aports-03a9fe9ad4ab48b474a171cc4759ea439e0bf480.tar.xz |
testing/slock: clear passwords with explicit_bzero
Diffstat (limited to 'testing')
-rw-r--r-- | testing/slock/0001-clear-passwords-with-explicit_bzero.patch | 146 | ||||
-rw-r--r-- | testing/slock/APKBUILD | 14 |
2 files changed, 155 insertions, 5 deletions
diff --git a/testing/slock/0001-clear-passwords-with-explicit_bzero.patch b/testing/slock/0001-clear-passwords-with-explicit_bzero.patch new file mode 100644 index 0000000000..69b6485c07 --- /dev/null +++ b/testing/slock/0001-clear-passwords-with-explicit_bzero.patch @@ -0,0 +1,146 @@ +From a7afade1701a809f6a33b53525d59dd29b38d381 Mon Sep 17 00:00:00 2001 +From: Hiltjo Posthuma <hiltjo@codemadness.org> +Date: Sun, 31 Jul 2016 13:43:00 +0200 +Subject: [PATCH] clear passwords with explicit_bzero + +Make sure to explicitly clear memory that is used for password input. memset +is often optimized out by the compiler. + +Brought to attention by the OpenBSD community, see: +https://marc.info/?t=146989502600003&r=1&w=2 +Thread subject: x11/slock: clear passwords with explicit_bzero + +Changes: + +- explicit_bzero.c import from libressl-portable. +- Makefile: add COMPATSRC for compatibility src. +- config.mk: add separate *BSD section in config.mk to simply uncomment it on + these platforms. +--- + Makefile | 6 +++--- + config.mk | 4 ++++ + explicit_bzero.c | 19 +++++++++++++++++++ + slock.c | 8 ++++++-- + util.h | 2 ++ + 5 files changed, 34 insertions(+), 5 deletions(-) + create mode 100644 explicit_bzero.c + create mode 100644 util.h + +diff --git a/Makefile b/Makefile +index 86b3437..8b3e248 100644 +--- a/Makefile ++++ b/Makefile +@@ -3,7 +3,7 @@ + + include config.mk + +-SRC = slock.c ++SRC = slock.c ${COMPATSRC} + OBJ = ${SRC:.c=.o} + + all: options slock +@@ -35,8 +35,8 @@ clean: + dist: clean + @echo creating dist tarball + @mkdir -p slock-${VERSION} +- @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \ +- slock-${VERSION} ++ @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \ ++ explicit_bzero.c slock.1 slock-${VERSION} + @tar -cf slock-${VERSION}.tar slock-${VERSION} + @gzip slock-${VERSION}.tar + @rm -rf slock-${VERSION} +diff --git a/config.mk b/config.mk +index f93879e..3afc061 100644 +--- a/config.mk ++++ b/config.mk +@@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr + CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H + CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS} + LDFLAGS = -s ${LIBS} ++COMPATSRC = explicit_bzero.c + + # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH + # On OpenBSD and Darwin remove -lcrypt from LIBS ++#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr ++#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE ++#COMPATSRC = + + # compiler and linker + CC = cc +diff --git a/explicit_bzero.c b/explicit_bzero.c +new file mode 100644 +index 0000000..3e33ca8 +--- /dev/null ++++ b/explicit_bzero.c +@@ -0,0 +1,19 @@ ++/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */ ++/* ++ * Public domain. ++ * Written by Matthew Dempsky. ++ */ ++ ++#include <string.h> ++ ++__attribute__((weak)) void ++__explicit_bzero_hook(void *buf, size_t len) ++{ ++} ++ ++void ++explicit_bzero(void *buf, size_t len) ++{ ++ memset(buf, 0, len); ++ __explicit_bzero_hook(buf, len); ++} +diff --git a/slock.c b/slock.c +index c9cdee2..a00fbb9 100644 +--- a/slock.c ++++ b/slock.c +@@ -23,6 +23,8 @@ + #include <bsd_auth.h> + #endif + ++#include "util.h" ++ + enum { + INIT, + INPUT, +@@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws) + * timeout. */ + while (running && !XNextEvent(dpy, &ev)) { + if (ev.type == KeyPress) { +- buf[0] = 0; ++ explicit_bzero(&buf, sizeof(buf)); + num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0); + if (IsKeypadKey(ksym)) { + if (ksym == XK_KP_Enter) +@@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws) + XBell(dpy, 100); + failure = True; + } ++ explicit_bzero(&passwd, sizeof(passwd)); + len = 0; + break; + case XK_Escape: ++ explicit_bzero(&passwd, sizeof(passwd)); + len = 0; + break; + case XK_BackSpace: + if (len) +- --len; ++ passwd[len--] = 0; + break; + default: + if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) { +diff --git a/util.h b/util.h +new file mode 100644 +index 0000000..6f748b8 +--- /dev/null ++++ b/util.h +@@ -0,0 +1,2 @@ ++#undef explicit_bzero ++void explicit_bzero(void *, size_t); +-- +2.9.3 + diff --git a/testing/slock/APKBUILD b/testing/slock/APKBUILD index 7f7b601f89..dcc42b520b 100644 --- a/testing/slock/APKBUILD +++ b/testing/slock/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net> pkgname=slock pkgver=1.3 -pkgrel=1 +pkgrel=2 pkgdesc="A simple screen locker for X" url="http://tools.suckless.org/slock/" arch="all" @@ -13,7 +13,8 @@ makedepends="libxext-dev libxrandr-dev linux-headers" install="" options="suid" subpackages="$pkgname-doc" -source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz" +source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz + 0001-clear-passwords-with-explicit_bzero.patch" builddir="$srcdir/$pkgname-$pkgver" prepare() { @@ -33,6 +34,9 @@ package() { -C "$builddir" install || return 1 } -md5sums="825aaeccba9b3b3c1f3d249d47c1396a slock-1.3.tar.gz" -sha256sums="bab4a3aea4046aa0fd0361c3649b79b90ca531bc5dfae3c4a6c0fe436152bd18 slock-1.3.tar.gz" -sha512sums="5024588f6d25f9d72a9d2b8ef9d8a2a94e5d5e53f30f4a15df83b693a3706b1ad6550422f36af29f54429a9c516d14a349e46aeb9896c6e32009ff0da5c02a8f slock-1.3.tar.gz" +md5sums="825aaeccba9b3b3c1f3d249d47c1396a slock-1.3.tar.gz +ca1f6e27e0b86101964c3a0d196d6520 0001-clear-passwords-with-explicit_bzero.patch" +sha256sums="bab4a3aea4046aa0fd0361c3649b79b90ca531bc5dfae3c4a6c0fe436152bd18 slock-1.3.tar.gz +4ed77e1955536f4d9cbb104a197a129f1abf0686088cff299ee72537eea56905 0001-clear-passwords-with-explicit_bzero.patch" +sha512sums="5024588f6d25f9d72a9d2b8ef9d8a2a94e5d5e53f30f4a15df83b693a3706b1ad6550422f36af29f54429a9c516d14a349e46aeb9896c6e32009ff0da5c02a8f slock-1.3.tar.gz +3b7f03c135694de6aa145587ec272ed21047c2a51e448011cb51ad447a39973a7ec9d760f42aca4dc0d22904b78b2668ffeab4c0a9d24cd6b6af88bb95cdaf38 0001-clear-passwords-with-explicit_bzero.patch" |