[PATCH 1/2] s3fs-popt: Add function to burn the commandline password.

Tue Nov 6 17:41:27 MST 2012

On Tue, Nov 6, 2012 at 3:27 AM, Andreas Schneider <asn at samba.org> wrote:
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
>  source3/include/popt_common.h |  1 +
>  source3/lib/popt_common.c     | 47 +++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 48 insertions(+)
>
> diff --git a/source3/include/popt_common.h b/source3/include/popt_common.h
> index 2125ed6..5266f36 100644
> --- a/source3/include/popt_common.h
> +++ b/source3/include/popt_common.h
> @@ -49,5 +49,6 @@ extern const struct poptOption popt_common_dynconfig[];
>  #define POPT_COMMON_OPTION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_option, 0, "Common samba commandline config:", NULL },
>
>  void popt_common_set_auth_info(struct user_auth_info *auth_info);
> +void popt_burn_cmdline_password(int argc, char *argv[]);
>
>  #endif /* _POPT_COMMON_H */
> diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
> index 94e551d..c072839 100644
> --- a/source3/lib/popt_common.c
> +++ b/source3/lib/popt_common.c
> @@ -605,6 +605,53 @@ void popt_common_set_auth_info(struct user_auth_info *auth_info)
>         global_auth_info = auth_info;
>  }
>
> +/**
> + * @brief Burn the commandline password.
> + *
> + * This function removes the password from the command line so we
> + * don't leak the password e.g. in 'ps aux'.
> + *
> + * It should be called after processing the options and you should pass down
> + * argv from main().
> + *
> + * @param[in]  argc     The number of arguments.
> + *
> + * @param[in]  argv[]   The argument array we will find the array.
> + */
> +void popt_burn_cmdline_password(int argc, char *argv[])
> +{
> +       bool found = false;
> +       char *p = NULL;
> +       int i, ulen = 0;
> +
> +       for (i = 0; i < argc; i++) {
> +               p = argv[i];
> +               if (strncmp(p, "-U", 2) == 0) {
> +                       ulen = 2;
> +                       found = true;
> +               } else if (strncmp(p, "--user", 6) == 0) {
> +                       ulen = 6;
> +                       found = true;
> +               }
> +
> +               if (found) {
> +                       if (p == NULL) {
> +                               return;
> +                       }
> +
> +                       if (strlen(p) == ulen) {
> +                               continue;
> +                       }
> +
> +                       p = strchr_m(p, '%');
> +                       if (p != NULL) {
> +                               memset(p, '\0', strlen(p));
> +                       }
> +                       found = false;
> +               }
> +       }
> +}
> +
>  struct poptOption popt_common_credentials[] = {
>         { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE,
>           (void *)popt_common_credentials_callback, 0,
> --
> 1.8.0
>
>

 memset(p, '\0', strlen(p)) doesn't work for multibyte characters.
Any chance you'll see them here?  I'm just assuming since you used
strchr_m instead of strchr.

-- 
Peace and Blessings,
-Scott.