[PATCH] Re: --passphrase and command line

hymie! hymie at lactose.homelinux.net
Thu Jan 15 13:39:06 CET 2015

Thanks for the patch.  If nothing else, it's something to play with.

In our last episode, the evil Dr. Lacto had captured our hero,
  Daniel Kahn Gillmor <dkg at fifthhorseman.net>, who said:
> 2) it still leaks the length of the password, since there is one x per
>    character.

Being only an amateur programmer, I wonder if you could free the
existing pointer and replace it with a char[6] and always have a
"xxxxx" as the replacement string.

I see from the patch below that you aren't accessing argv itself,
so I don't know if that's feasible or not.  Just an idea.

>It would be bad if this encouraged the use of the --passphrase option
>*anywhere*, though, since it really is the worst way to use the tools.

Worse than not using them at all?


>diff --git a/g10/gpg.c b/g10/gpg.c
>index 12fe7b2..589d6c8 100644
>--- a/g10/gpg.c
>+++ b/g10/gpg.c
>@@ -2713,6 +2713,11 @@ main (int argc, char **argv)
> 	  case oBZ2DecompressLowmem: opt.bz2_decompress_lowmem=1; break;
> 	  case oPassphrase:
> 	    set_passphrase_from_string(pargs.r.ret_str);
>+            {
>+              size_t i, l = strlen(pargs.r.ret_str);
>+              for (i=0; i < l; i++)
>+                pargs.r.ret_str[i] = 'x';
>+            }
> 	    break;
> 	  case oPassphraseFD:
>             pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);

More information about the Gnupg-devel mailing list