[patch] Use readpassphrase in ikectl


[patch] Use readpassphrase in ikectl

Matthew Martin
While making the last patch, I noticed ikectl uses getpass. Use
readpassphrase instead and explicit_bzero the buffers.

- Matthew Martin



diff --git ikeca.c ikeca.c
index 69ca076407b..2ec010a5831 100644
--- ikeca.c
+++ ikeca.c
@@ -22,6 +22,7 @@
 #include <unistd.h>
 #include <err.h>
 #include <errno.h>
+#include <readpassphrase.h>
 #include <string.h>
 #include <stdlib.h>
 #include <sys/wait.h>
@@ -636,7 +637,7 @@ ca_export(struct ca *ca, char *keyname, char *myname, char *password)
  DIR *dexp;
  struct dirent *de;
  struct stat st;
- char *pass;
+ char pass[_PASSWORD_LEN + 1];
  char prev[_PASSWORD_LEN + 1];
  char passenv[_PASSWORD_LEN + 8];
  char oname[PATH_MAX];
@@ -667,16 +668,21 @@ ca_export(struct ca *ca, char *keyname, char *myname, char *password)
  if (password != NULL)
  snprintf(passenv, sizeof(passenv), "EXPASS=%s", password);
  else {
- pass = getpass("Export passphrase:");
- if (pass == NULL || *pass == '\0')
- err(1, "password not set");
-
- strlcpy(prev, pass, sizeof(prev));
- pass = getpass("Retype export passphrase:");
- if (pass == NULL || strcmp(prev, pass) != 0)
+ if (readpassphrase("Export passphrase:", prev, sizeof(prev), 0)
+    == NULL)
+ errx(1, "unable to read passphrase");
+ if (*prev == '\0')
+ errx(1, "password not set");
+
+ if (readpassphrase("Retype export passphrase:", pass,
+    sizeof(pass), 0) == NULL)
+ errx(1, "unable to read passphrase");
+ if (strcmp(prev, pass) != 0)
  errx(1, "passphrase does not match!");
 
  snprintf(passenv, sizeof(passenv), "EXPASS=%s", pass);
+ explicit_bzero(pass, sizeof(pass));
+ explicit_bzero(prev, sizeof(prev));
  }
 
  snprintf(cacrt, sizeof(cacrt), "%s/ca.crt", ca->sslpath);
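Review bot: The two explicit_bzero calls at the end of the else branch clear pass and prev but leave the same passphrase in passenv, which the snprintf on the line just before copied there (and in the password != NULL branch it lands in passenv as well). If the point of the zeroing is to shorten how long the secret stays in memory, passenv needs the same treatment once it is no longer needed, i.e. `explicit_bzero(passenv, sizeof(passenv));` after its last use, which is presumably after the child that consumes EXPASS has been started and lies outside this hunk since ca_export continues past it. Separately, readpassphrase(3) sets errno when it returns NULL, so `err(1, "unable to read passphrase");` would report the cause where both new checks use errx. The copy of this hunk quoted in the reply below has the same two points.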


Re: [patch] Use readpassphrase in ikectl

Jonathan Gray-11
On Fri, May 19, 2017 at 12:35:44AM -0500, Matthew Martin wrote:
> While making the last patch, I noticed ikectl uses getpass. Use
> readpassphrase instead and explicit_bzero the buffers.
>
> - Matthew Martin

What is the goal here?  It can't be to use a different buffer size as
the same size as getpass is used.

getpass is implemented in terms of readpassphrase.  Looking at the
implementation the flags argument should be RPP_ECHO_OFF (0) rather
than just 0.

char *
getpass(const char *prompt)
{
        static char buf[_PASSWORD_LEN + 1];

        return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF));
}

>
>
>
> diff --git ikeca.c ikeca.c
> index 69ca076407b..2ec010a5831 100644
> --- ikeca.c
> +++ ikeca.c
> @@ -22,6 +22,7 @@
>  #include <unistd.h>
>  #include <err.h>
>  #include <errno.h>
> +#include <readpassphrase.h>
>  #include <string.h>
>  #include <stdlib.h>
>  #include <sys/wait.h>
> @@ -636,7 +637,7 @@ ca_export(struct ca *ca, char *keyname, char *myname, char *password)
>   DIR *dexp;
>   struct dirent *de;
>   struct stat st;
> - char *pass;
> + char pass[_PASSWORD_LEN + 1];
>   char prev[_PASSWORD_LEN + 1];
>   char passenv[_PASSWORD_LEN + 8];
>   char oname[PATH_MAX];
> @@ -667,16 +668,21 @@ ca_export(struct ca *ca, char *keyname, char *myname, char *password)
>   if (password != NULL)
>   snprintf(passenv, sizeof(passenv), "EXPASS=%s", password);
>   else {
> - pass = getpass("Export passphrase:");
> - if (pass == NULL || *pass == '\0')
> - err(1, "password not set");
> -
> - strlcpy(prev, pass, sizeof(prev));
> - pass = getpass("Retype export passphrase:");
> - if (pass == NULL || strcmp(prev, pass) != 0)
> + if (readpassphrase("Export passphrase:", prev, sizeof(prev), 0)
> +    == NULL)
> + errx(1, "unable to read passphrase");
> + if (*prev == '\0')
> + errx(1, "password not set");
> +
> + if (readpassphrase("Retype export passphrase:", pass,
> +    sizeof(pass), 0) == NULL)
> + errx(1, "unable to read passphrase");
> + if (strcmp(prev, pass) != 0)
>   errx(1, "passphrase does not match!");
>  
>   snprintf(passenv, sizeof(passenv), "EXPASS=%s", pass);
> + explicit_bzero(pass, sizeof(pass));
> + explicit_bzero(prev, sizeof(prev));
>   }
>  
>   snprintf(cacrt, sizeof(cacrt), "%s/ca.crt", ca->sslpath);
>


Re: [patch] Use readpassphrase in ikectl

Matthew Martin
On Thu, Jun 08, 2017 at 10:33:07PM +1000, Jonathan Gray wrote:
> On Fri, May 19, 2017 at 12:35:44AM -0500, Matthew Martin wrote:
> > While making the last patch, I noticed ikectl uses getpass. Use
> > readpassphrase instead and explicit_bzero the buffers.
> >
> > - Matthew Martin
>
> What is the goal here?  It can't be to use a different buffer size as
> the same size as getpass is used.

getpass(3) states
    This function is obsolete.  Consider using readpassphrase(3).
which I took to mean replace the function when you come across it.
Perhaps I've misinterpreted things.

> getpass is implemented in terms of readpassphrase.  Looking at the
> implementation the flags argument should be RPP_ECHO_OFF (0) rather
> than just 0.

I believe you're correct.

- Matthew Martin