[svn] GnuPG - r4422 - branches/STABLE-BRANCH-1-4/util
svn author dshaw
cvs at cvs.gnupg.org
Thu Feb 1 05:21:08 CET 2007
Author: dshaw
Date: 2007-02-01 05:21:07 +0100 (Thu, 01 Feb 2007)
New Revision: 4422
Modified:
branches/STABLE-BRANCH-1-4/util/ChangeLog
branches/STABLE-BRANCH-1-4/util/ttyio.c
Log:
* ttyio.c (do_get): Assume that anything read from the user without
echoing to the screen is sensitive and put it in secure memory.
Suggested by Benjamin Bennett.
Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-01-31 21:39:26 UTC (rev 4421)
+++ branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-02-01 04:21:07 UTC (rev 4422)
@@ -1,3 +1,9 @@
+2007-01-31 David Shaw <dshaw at jabberwocky.com>
+
+ * ttyio.c (do_get): Assume that anything read from the user
+ without echoing to the screen is sensitive and put it in secure
+ memory. Suggested by Benjamin Bennett.
+
2006-12-14 Werner Koch <wk at g10code.com>
* http.c (http_wait_response): No more shutdown. Fixes bug#739.
Modified: branches/STABLE-BRANCH-1-4/util/ttyio.c
===================================================================
--- branches/STABLE-BRANCH-1-4/util/ttyio.c 2007-01-31 21:39:26 UTC (rev 4421)
+++ branches/STABLE-BRANCH-1-4/util/ttyio.c 2007-02-01 04:21:07 UTC (rev 4422)
@@ -405,7 +405,8 @@
init_ttyfp();
last_prompt_len = 0;
- buf = xmalloc(n=50);
+ n = 50;
+ buf = hidden ? xmalloc_secure(n) : xmalloc(n);
i = 0;
#ifdef _WIN32 /* windoze version */
More information about the Gnupg-commits
mailing list