From 15a091cc49e3b1a206c7ec72f746d63a68cde33e Mon Sep 17 00:00:00 2001 From: LoRd_MuldeR Date: Fri, 16 Oct 2020 18:05:37 +0200 Subject: [PATCH] Some attempt to clear the passphrase command-line argument from the memory. --- frontend/src/main.c | 14 +++++++++++--- frontend/src/utils.c | 4 ++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/frontend/src/main.c b/frontend/src/main.c index e68864f..e275a99 100644 --- a/frontend/src/main.c +++ b/frontend/src/main.c @@ -16,6 +16,7 @@ #include #define BUFF_SIZE 4096U + static const CHR *const ENVV_PASSWD_NAME = T("MCRYPT_PASSWD"); static volatile int g_interrupted = 0; @@ -114,6 +115,7 @@ static int encrypt(const char* const passphrase, const CHR* const input_path, co } FPUTS(T("Encrypting file contents, please be patient... "), stderr); + fflush(stderr); uint64_t seed; if (mcrypt_generate_seed(&seed) != MCRYPT_SUCCESS) @@ -140,6 +142,7 @@ static int encrypt(const char* const passphrase, const CHR* const input_path, co uint8_t buffer[BUFF_SIZE]; FPRINTF(stderr, T("%5.1f%% "), 0.0); + fflush(stderr); while (bytes_read < file_size) { @@ -248,6 +251,7 @@ static int decrypt(const char* const passphrase, const CHR* const input_path, co } FPUTS(T("Decrypting file contents, please be patient... "), stderr); + fflush(stderr); uint64_t seed; if (fread(&seed, sizeof(uint64_t), 1U, file_in) < 1U) @@ -269,6 +273,7 @@ static int decrypt(const char* const passphrase, const CHR* const input_path, co const uint64_t read_limit = file_size - sizeof(uint64_t); FPRINTF(stderr, T("%5.1f%% "), 0.0); + fflush(stderr); while (bytes_read < read_limit) { @@ -444,13 +449,15 @@ static int self_test(void) const char* const test_data[] = { TEST_DATA_0, TEST_DATA_1, TEST_DATA_2, TEST_DATA_3, NULL }; size_t completed = 0U; - FPRINTF(stderr, T("Self-test is running, please be patient... %2u/%2u"), (unsigned int)completed, (unsigned int)total); + FPRINTF(stderr, T("Self-test is running, please be patient... %2u/%2u "), (unsigned int)completed, (unsigned int)total); + fflush(stderr); for (size_t i = 0U; i < 8U; ++i) { for (size_t j = 0U; test_data[j]; ++j) { - FPRINTF(stderr, T("\b\b\b\b\b%2u/%2u"), (unsigned int)++completed, (unsigned int)total); + FPRINTF(stderr, T("\b\b\b\b\b\b%2u/%2u "), (unsigned int)++completed, (unsigned int)total); + fflush(stderr); if (run_test(test_data[j])) { return 1; @@ -545,6 +552,8 @@ int MAIN(int argc, CHR* argv[]) return 1; } + mcrypt_bzero((CHR*)passphrase, STRLEN(passphrase) * sizeof(CHR)); + if (strlen(passphrase_buffer) < 12U) { FPUTS(T("Warning: Using a *short* passphrase; a length of 12 characters or more is recommended!\n\n"), stderr); @@ -587,6 +596,5 @@ exiting: free(passphrase_buffer); } - mcrypt_bzero((CHR*)passphrase, STRLEN(passphrase) * sizeof(CHR)); return result; } diff --git a/frontend/src/utils.c b/frontend/src/utils.c index 8643c2e..dd16004 100644 --- a/frontend/src/utils.c +++ b/frontend/src/utils.c @@ -24,6 +24,8 @@ #define S_IFMT _S_IFMT #define S_IFDIR _S_IFDIR #define S_IFIFO _S_IFIFO +extern char *const _acmdln; +extern wchar_t *const _wcmdln; #else #if defined(__USE_LARGEFILE64) && (__USE_LARGEFILE64) #define STAT_T struct stat64 @@ -40,6 +42,8 @@ void init_terminal(void) #ifdef _WIN32 SetErrorMode(SEM_FAILCRITICALERRORS | SEM_NOGPFAULTERRORBOX); _setmode(_fileno(stderr), _O_U8TEXT); + if (_acmdln) SecureZeroMemory(_acmdln, strlen(_acmdln) * sizeof(char)); + if (_wcmdln) SecureZeroMemory(_wcmdln, wcslen(_wcmdln) * sizeof(wchar_t)); #endif }