From ad6aa21c43bb87c917e21416f3ba448b634a98f8 Mon Sep 17 00:00:00 2001 From: Geoff Greer Date: Thu, 12 Apr 2018 17:38:24 -0700 Subject: swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 --- include/swaylock/swaylock.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include') diff --git a/include/swaylock/swaylock.h b/include/swaylock/swaylock.h index 173e8b12..ed9fea19 100644 --- a/include/swaylock/swaylock.h +++ b/include/swaylock/swaylock.h @@ -24,9 +24,8 @@ struct swaylock_args { }; struct swaylock_password { - size_t size; size_t len; - char *buffer; + char buffer[1024]; }; struct swaylock_state { -- cgit v1.2.3