[gparted] Stop copying password into insecure memory when getting entry (#795617)
- From: Curtis Gedak <gedakc src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gparted] Stop copying password into insecure memory when getting entry (#795617)
- Date: Mon, 30 Apr 2018 18:42:50 +0000 (UTC)
commit 3d49fdc2e44f01ba3fcdc6a1c9ab0c1ee2067450
Author: Mike Fleetwood <mike fleetwood googlemail com>
Date: Thu Mar 22 17:12:45 2018 +0000
Stop copying password into insecure memory when getting entry (#795617)
The underlying C coded Gtk Entry widget is careful to zero memory after
use, allowing the widget to be safely used for password entry [1].
However the C++ method Gtk::Entry::get_text() just takes the underlying
C string from the Gtk Entry widget and copies it when constructing a
Glib::ustring for the return value [2].
So directly use the Gtk/C API to get the C string instead.
[1] https://git.gnome.org/browse/gtk+/tree/gtk/gtkentrybuffer.c?h=3.22.28#n92
See function trash_area() which zeros memory and its use in
gtk_entry_buffer_normal_insert_text(),
gtk_entry_buffer_normal_delete_text() and
gtk_entry_buffer_finalize().
[2] https://git.gnome.org/browse/gtkmm/tree/gtk/src/entry.hg?h=3.22.2#n104
_WRAP_METHOD(Glib::ustring get_text() const, gtk_entry_get_text)
https://git.gnome.org/browse/glibmm/tree/docs/internal/using_gmmproc.txt?h=2.46.1#n53
_WRAP_METHOD(Glib::ustring METHOD const, FUNC) is processed to:
Glib::ustring METHOD() const
{
return Glib::convert_const_gchar_ptr_to_ustring(
FUNC(const_cast<GtkEntry*>(gobj())));
}
https://git.gnome.org/browse/glibmm/tree/glib/glibmm/utility.h?h=2.46.1#n82
Glib::ustring convert_const_gchar_ptr_to_ustring(const char* str)
{
return (str) ? Glib::ustring(str) : Glib::ustring();
}
So Gtk::Entry::get_text() calls Glib::ustring() constructor which
copies the C string to create the Glib::ustring object returned.
Bug 795617 - Implement opening and closing of LUKS mappings
include/DialogPasswordEntry.h | 3 +--
src/DialogPasswordEntry.cc | 8 ++++++--
src/Win_GParted.cc | 2 +-
3 files changed, 8 insertions(+), 5 deletions(-)
---
diff --git a/include/DialogPasswordEntry.h b/include/DialogPasswordEntry.h
index c351c26..367913d 100644
--- a/include/DialogPasswordEntry.h
+++ b/include/DialogPasswordEntry.h
@@ -20,7 +20,6 @@
#include "Partition.h"
#include <gtkmm/dialog.h>
-#include <glibmm/ustring.h>
#include <gtkmm/entry.h>
namespace GParted
@@ -31,7 +30,7 @@ class DialogPasswordEntry : public Gtk::Dialog
public:
DialogPasswordEntry( const Partition & partition );
~DialogPasswordEntry();
- Glib::ustring get_password();
+ const char * get_password();
private:
Gtk::Entry *entry;
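Review bot: The new declaration `const char * get_password();` carries no comment on who owns the returned buffer or how long it stays valid, which matters now that callers receive a raw pointer into the widget instead of a value. GTK documents the result of gtk_entry_get_text() as internal widget storage that must not be freed, modified or stored. I would state that on the declaration, e.g. `// Returns a pointer into the GtkEntry's own buffer: do not free or store it; invalid once the entry text changes or the dialog is destroyed.` It is also worth noting there that assigning the result to a Glib::ustring or std::string brings back the unsecured copy this commit removes. The class body continues outside the hunk.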
diff --git a/src/DialogPasswordEntry.cc b/src/DialogPasswordEntry.cc
index e772c4e..73f8839 100644
--- a/src/DialogPasswordEntry.cc
+++ b/src/DialogPasswordEntry.cc
@@ -20,6 +20,7 @@
#include <glibmm/ustring.h>
#include <gtkmm/box.h>
#include <gtkmm/stock.h>
+#include <gtk/gtkentry.h>
namespace GParted
{
@@ -68,9 +69,12 @@ DialogPasswordEntry::~DialogPasswordEntry()
{
}
-Glib::ustring DialogPasswordEntry::get_password()
+const char * DialogPasswordEntry::get_password()
{
- return Glib::ustring( entry->get_text() );
+ // Avoid using the gtkmm C++ entry->get_text() because that constructs a
+ // Glib::ustring, copying the password from the underlying C GtkEntry object into
+ // an unsecured malloced chunk of memory.
+ return (const char *)gtk_entry_get_text( GTK_ENTRY( entry->gobj() ) );
}
} //GParted
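Review bot: The C-style cast in `return (const char *)gtk_entry_get_text( GTK_ENTRY( entry->gobj() ) );` is redundant and would silence a real type mismatch if the API ever changed, because gtk_entry_get_text() already returns `const gchar *` and gchar is a typedef for char. Gtk::Entry::gobj() also already yields a `GtkEntry *`, so the GTK_ENTRY() macro adds nothing here. `return gtk_entry_get_text( entry->gobj() );` does the same with no casts.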
diff --git a/src/Win_GParted.cc b/src/Win_GParted.cc
index 3e32a7c..273a950 100644
--- a/src/Win_GParted.cc
+++ b/src/Win_GParted.cc
@@ -2563,7 +2563,7 @@ void Win_GParted::toggle_crypt_busy_state()
return;
success = open_encrypted_partition( *selected_partition_ptr,
- dialog.get_password().c_str(),
+ dialog.get_password(),
error_msg );
} while ( ! success );
}
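Review bot: Passing `dialog.get_password()` straight through only keeps the password out of unsecured heap memory if open_encrypted_partition() does not copy it again, and its parameter type and body are not visible in this hunk. If it takes or builds a Glib::ustring or std::string from the argument, the copy is recreated one call later and never zeroed. It is worth confirming the parameter is `const char *` and marking the call site with something like `// Pointer into the entry's buffer; valid only while dialog is alive and its text is unchanged.` toggle_crypt_busy_state() starts outside the hunk.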