From ad6aa21c43bb87c917e21416f3ba448b634a98f8 Mon Sep 17 00:00:00 2001
From: Geoff Greer <geoff@greer.fm>
Date: Thu, 12 Apr 2018 17:38:24 -0700
Subject: swaylock: Securely zero-out password.

- Replace char* with static array. Any chars > 1024 will be discarded.
- mlock() password buffer so it can't be written to swap.
- Clear password buffer after auth succeeds or fails.

This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519
---
 swaylock/main.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'swaylock/main.c')

diff --git a/swaylock/main.c b/swaylock/main.c
index 4c6b44c6..200c1b5f 100644
--- a/swaylock/main.c
+++ b/swaylock/main.c
@@ -8,6 +8,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/mman.h>
 #include <sys/stat.h>
 #include <time.h>
 #include <unistd.h>
@@ -18,10 +19,15 @@
 #include "background-image.h"
 #include "pool-buffer.h"
 #include "cairo.h"
+#include "log.h"
 #include "util.h"
 #include "wlr-input-inhibitor-unstable-v1-client-protocol.h"
 #include "wlr-layer-shell-unstable-v1-client-protocol.h"
 
+void sway_terminate(int exit_code) {
+	exit(exit_code);
+}
+
 static void daemonize() {
 	int fds[2];
 	if (pipe(fds) != 0) {
@@ -236,6 +242,13 @@ int main(int argc, char **argv) {
 		}
 	}
 
+#ifdef __linux__
+	// Most non-linux platforms require root to mlock()
+	if (mlock(state.password.buffer, sizeof(state.password.buffer)) != 0) {
+		sway_abort("Unable to mlock() password memory.");
+	}
+#endif
+
 	wl_list_init(&state.surfaces);
 	state.xkb.context = xkb_context_new(XKB_CONTEXT_NO_FLAGS);
 	state.display = wl_display_connect(NULL);
-- 
cgit v1.2.3-54-g00ecf