aboutsummaryrefslogtreecommitdiffstats
path: root/testing
diff options
context:
space:
mode:
authorSören Tempel <soeren+git@soeren-tempel.net>2016-08-17 00:07:21 +0200
committerSören Tempel <soeren+git@soeren-tempel.net>2016-08-17 00:07:21 +0200
commit03a9fe9ad4ab48b474a171cc4759ea439e0bf480 (patch)
treefe51979617e0fac3a35bd615c703cfa1e7bdfd33 /testing
parente0375705834522103494d42d82f36e113cbb4836 (diff)
downloadaports-03a9fe9ad4ab48b474a171cc4759ea439e0bf480.tar.bz2
aports-03a9fe9ad4ab48b474a171cc4759ea439e0bf480.tar.xz
testing/slock: clear passwords with explicit_bzero
Diffstat (limited to 'testing')
-rw-r--r--testing/slock/0001-clear-passwords-with-explicit_bzero.patch146
-rw-r--r--testing/slock/APKBUILD14
2 files changed, 155 insertions, 5 deletions
diff --git a/testing/slock/0001-clear-passwords-with-explicit_bzero.patch b/testing/slock/0001-clear-passwords-with-explicit_bzero.patch
new file mode 100644
index 0000000000..69b6485c07
--- /dev/null
+++ b/testing/slock/0001-clear-passwords-with-explicit_bzero.patch
@@ -0,0 +1,146 @@
+From a7afade1701a809f6a33b53525d59dd29b38d381 Mon Sep 17 00:00:00 2001
+From: Hiltjo Posthuma <hiltjo@codemadness.org>
+Date: Sun, 31 Jul 2016 13:43:00 +0200
+Subject: [PATCH] clear passwords with explicit_bzero
+
+Make sure to explicitly clear memory that is used for password input. memset
+is often optimized out by the compiler.
+
+Brought to attention by the OpenBSD community, see:
+https://marc.info/?t=146989502600003&r=1&w=2
+Thread subject: x11/slock: clear passwords with explicit_bzero
+
+Changes:
+
+- explicit_bzero.c import from libressl-portable.
+- Makefile: add COMPATSRC for compatibility src.
+- config.mk: add separate *BSD section in config.mk to simply uncomment it on
+ these platforms.
+---
+ Makefile | 6 +++---
+ config.mk | 4 ++++
+ explicit_bzero.c | 19 +++++++++++++++++++
+ slock.c | 8 ++++++--
+ util.h | 2 ++
+ 5 files changed, 34 insertions(+), 5 deletions(-)
+ create mode 100644 explicit_bzero.c
+ create mode 100644 util.h
+
+diff --git a/Makefile b/Makefile
+index 86b3437..8b3e248 100644
+--- a/Makefile
++++ b/Makefile
+@@ -3,7 +3,7 @@
+
+ include config.mk
+
+-SRC = slock.c
++SRC = slock.c ${COMPATSRC}
+ OBJ = ${SRC:.c=.o}
+
+ all: options slock
+@@ -35,8 +35,8 @@ clean:
+ dist: clean
+ @echo creating dist tarball
+ @mkdir -p slock-${VERSION}
+- @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} slock.1 \
+- slock-${VERSION}
++ @cp -R LICENSE Makefile README config.def.h config.mk ${SRC} \
++ explicit_bzero.c slock.1 slock-${VERSION}
+ @tar -cf slock-${VERSION}.tar slock-${VERSION}
+ @gzip slock-${VERSION}.tar
+ @rm -rf slock-${VERSION}
+diff --git a/config.mk b/config.mk
+index f93879e..3afc061 100644
+--- a/config.mk
++++ b/config.mk
+@@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
+ CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
+ CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
+ LDFLAGS = -s ${LIBS}
++COMPATSRC = explicit_bzero.c
+
+ # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
+ # On OpenBSD and Darwin remove -lcrypt from LIBS
++#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
++#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
++#COMPATSRC =
+
+ # compiler and linker
+ CC = cc
+diff --git a/explicit_bzero.c b/explicit_bzero.c
+new file mode 100644
+index 0000000..3e33ca8
+--- /dev/null
++++ b/explicit_bzero.c
+@@ -0,0 +1,19 @@
++/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
++/*
++ * Public domain.
++ * Written by Matthew Dempsky.
++ */
++
++#include <string.h>
++
++__attribute__((weak)) void
++__explicit_bzero_hook(void *buf, size_t len)
++{
++}
++
++void
++explicit_bzero(void *buf, size_t len)
++{
++ memset(buf, 0, len);
++ __explicit_bzero_hook(buf, len);
++}
+diff --git a/slock.c b/slock.c
+index c9cdee2..a00fbb9 100644
+--- a/slock.c
++++ b/slock.c
+@@ -23,6 +23,8 @@
+ #include <bsd_auth.h>
+ #endif
+
++#include "util.h"
++
+ enum {
+ INIT,
+ INPUT,
+@@ -135,7 +137,7 @@ readpw(Display *dpy, const char *pws)
+ * timeout. */
+ while (running && !XNextEvent(dpy, &ev)) {
+ if (ev.type == KeyPress) {
+- buf[0] = 0;
++ explicit_bzero(&buf, sizeof(buf));
+ num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
+ if (IsKeypadKey(ksym)) {
+ if (ksym == XK_KP_Enter)
+@@ -161,14 +163,16 @@ readpw(Display *dpy, const char *pws)
+ XBell(dpy, 100);
+ failure = True;
+ }
++ explicit_bzero(&passwd, sizeof(passwd));
+ len = 0;
+ break;
+ case XK_Escape:
++ explicit_bzero(&passwd, sizeof(passwd));
+ len = 0;
+ break;
+ case XK_BackSpace:
+ if (len)
+- --len;
++ passwd[len--] = 0;
+ break;
+ default:
+ if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
+diff --git a/util.h b/util.h
+new file mode 100644
+index 0000000..6f748b8
+--- /dev/null
++++ b/util.h
+@@ -0,0 +1,2 @@
++#undef explicit_bzero
++void explicit_bzero(void *, size_t);
+--
+2.9.3
+
diff --git a/testing/slock/APKBUILD b/testing/slock/APKBUILD
index 7f7b601f89..dcc42b520b 100644
--- a/testing/slock/APKBUILD
+++ b/testing/slock/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
pkgname=slock
pkgver=1.3
-pkgrel=1
+pkgrel=2
pkgdesc="A simple screen locker for X"
url="http://tools.suckless.org/slock/"
arch="all"
@@ -13,7 +13,8 @@ makedepends="libxext-dev libxrandr-dev linux-headers"
install=""
options="suid"
subpackages="$pkgname-doc"
-source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz"
+source="http://dl.suckless.org/tools/$pkgname-$pkgver.tar.gz
+ 0001-clear-passwords-with-explicit_bzero.patch"
builddir="$srcdir/$pkgname-$pkgver"
prepare() {
@@ -33,6 +34,9 @@ package() {
-C "$builddir" install || return 1
}
-md5sums="825aaeccba9b3b3c1f3d249d47c1396a slock-1.3.tar.gz"
-sha256sums="bab4a3aea4046aa0fd0361c3649b79b90ca531bc5dfae3c4a6c0fe436152bd18 slock-1.3.tar.gz"
-sha512sums="5024588f6d25f9d72a9d2b8ef9d8a2a94e5d5e53f30f4a15df83b693a3706b1ad6550422f36af29f54429a9c516d14a349e46aeb9896c6e32009ff0da5c02a8f slock-1.3.tar.gz"
+md5sums="825aaeccba9b3b3c1f3d249d47c1396a slock-1.3.tar.gz
+ca1f6e27e0b86101964c3a0d196d6520 0001-clear-passwords-with-explicit_bzero.patch"
+sha256sums="bab4a3aea4046aa0fd0361c3649b79b90ca531bc5dfae3c4a6c0fe436152bd18 slock-1.3.tar.gz
+4ed77e1955536f4d9cbb104a197a129f1abf0686088cff299ee72537eea56905 0001-clear-passwords-with-explicit_bzero.patch"
+sha512sums="5024588f6d25f9d72a9d2b8ef9d8a2a94e5d5e53f30f4a15df83b693a3706b1ad6550422f36af29f54429a9c516d14a349e46aeb9896c6e32009ff0da5c02a8f slock-1.3.tar.gz
+3b7f03c135694de6aa145587ec272ed21047c2a51e448011cb51ad447a39973a7ec9d760f42aca4dc0d22904b78b2668ffeab4c0a9d24cd6b6af88bb95cdaf38 0001-clear-passwords-with-explicit_bzero.patch"