eliott/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird synced 2026-05-05 06:32:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

LibCore: Make get_password return SecretString instead of String

Browse Source 
We shouldn't let secrets sit around in memory, as they could potentially
be retrieved by an attacker, or left in memory during a core dump.
This commit is contained in:
Brian Gianforcaro
2021-09-11 09:53:25 -07:00
committed by Andreas Kling
parent 3bf6902790
commit 9e667453c7
Notes: sideshowbarker 2024-07-18 04:08:21 +09:00 
Author: https://github.com/bgianfo
Commit: https://github.com/SerenityOS/serenity/commit/9e667453c7e
Pull-request: https://github.com/SerenityOS/serenity/pull/9972
Reviewed-by: https://github.com/awesomekling
Reviewed-by: https://github.com/petelliott
6 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Userland/Libraries/LibCore/GetPassword.cpp
View File

@@ -13,7 +13,7 @@
namespace Core {
Result<String, OSError> get_password(const StringView& prompt)
Result<SecretString, OSError> get_password(const StringView& prompt)
{
if (write(STDOUT_FILENO, prompt.characters_without_null_termination(), prompt.length()) < 0)
return OSError(errno);
@@ -44,8 +44,6 @@ Result<String, OSError> get_password(const StringView& prompt)
// Remove trailing '\n' read by getline().
password[line_length - 1] = '\0';
String s(password);
free(password);
return s;
return SecretString::take_ownership(password, line_length);
}
}