[svn] GnuPG - r4422 - branches/STABLE-BRANCH-1-4/util

svn author dshaw cvs at cvs.gnupg.org
Thu Feb 1 05:21:08 CET 2007


Author: dshaw
Date: 2007-02-01 05:21:07 +0100 (Thu, 01 Feb 2007)
New Revision: 4422

Modified:
   branches/STABLE-BRANCH-1-4/util/ChangeLog
   branches/STABLE-BRANCH-1-4/util/ttyio.c
Log:
* ttyio.c (do_get): Assume that anything read from the user without
echoing to the screen is sensitive and put it in secure memory.
Suggested by Benjamin Bennett.


Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/util/ChangeLog	2007-01-31 21:39:26 UTC (rev 4421)
+++ branches/STABLE-BRANCH-1-4/util/ChangeLog	2007-02-01 04:21:07 UTC (rev 4422)
@@ -1,3 +1,9 @@
+2007-01-31  David Shaw  <dshaw at jabberwocky.com>
+
+	* ttyio.c (do_get): Assume that anything read from the user
+	without echoing to the screen is sensitive and put it in secure
+	memory.  Suggested by Benjamin Bennett.
+
 2006-12-14  Werner Koch  <wk at g10code.com>
 
 	* http.c (http_wait_response): No more shutdown.  Fixes bug#739.

Modified: branches/STABLE-BRANCH-1-4/util/ttyio.c
===================================================================
--- branches/STABLE-BRANCH-1-4/util/ttyio.c	2007-01-31 21:39:26 UTC (rev 4421)
+++ branches/STABLE-BRANCH-1-4/util/ttyio.c	2007-02-01 04:21:07 UTC (rev 4422)
@@ -405,7 +405,8 @@
 	init_ttyfp();
 
     last_prompt_len = 0;
-    buf = xmalloc(n=50);
+    n = 50;
+    buf = hidden ? xmalloc_secure(n) : xmalloc(n);
     i = 0;
 
 #ifdef _WIN32 /* windoze version */
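
Review bot: On the line "buf = hidden ? xmalloc_secure(n) : xmalloc(n);", only the initial 50-byte allocation is visibly placed in secure memory. Keeping n as a separate size variable suggests the buffer is grown as input arrives, and that path is outside this hunk. Please confirm that growing buf keeps hidden input in secure memory rather than copying it into an ordinary heap block, and that whatever releases the buffer handles both allocation kinds. A short comment above the allocation saying why hidden selects secure memory would also help, since the rationale currently lives only in the ChangeLog entry.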
