gdm r5933 - in trunk: . daemon gui/simple-greeter

[mccann svn gnome org]

Author: mccann
Date: Wed Mar  5 19:46:55 2008
New Revision: 5933
URL: http://svn.gnome.org/viewvc/gdm?rev=5933&view=rev

Log:
2008-03-05  William Jon McCann  <jmccann redhat com>

	* daemon/gdm-session-worker.c: (script_execute), (my_strchrnul),
	(gdm_session_execute), (gdm_session_worker_process_pam_message),
	(gdm_session_worker_pam_new_messages_handler):
	* gui/simple-greeter/gdm-greeter-login-window.c:
	(delete_entry_text), (reset_dialog),
	(gdm_greeter_login_window_info_query),
	(gdm_greeter_login_window_secret_info_query):
	Try a little harder to not keep sensitive data in memory.



Modified:
   trunk/ChangeLog
   trunk/daemon/gdm-session-worker.c
   trunk/gui/simple-greeter/gdm-greeter-login-window.c

Modified: trunk/daemon/gdm-session-worker.c
==============================================================================
--- trunk/daemon/gdm-session-worker.c	(original)
+++ trunk/daemon/gdm-session-worker.c	Wed Mar  5 19:46:55 2008
@@ -164,8 +164,9 @@
         /* Count the arguments.  */
         int argc = 0;
 
-        while (argv[argc])
+        while (argv[argc]) {
                 ++argc;
+        }
 
         /* Construct an argument list for the shell.  */
         {
@@ -181,10 +182,11 @@
                 }
 
                 /* Execute the shell. */
-                if (envp)
+                if (envp) {
                         execve (new_argv[0], new_argv, envp);
-                else
+                } else {
                         execv (new_argv[0], new_argv);
+                }
 
                 g_free (new_argv);
         }
@@ -194,8 +196,9 @@
 my_strchrnul (const char *str, char c)
 {
         char *p = (char*) str;
-        while (*p && (*p != c))
+        while (*p && (*p != c)) {
                 ++p;
+        }
 
         return p;
 }
@@ -215,13 +218,15 @@
 
         if (!search_path || strchr (file, '/') != NULL) {
                 /* Don't search when it contains a slash. */
-                if (envp)
+                if (envp) {
                         execve (file, argv, envp);
-                else
+                } else {
                         execv (file, argv);
+                }
 
-                if (errno == ENOEXEC)
+                if (errno == ENOEXEC) {
                         script_execute (file, argv, envp, FALSE);
+                }
         } else {
                 gboolean got_eacces = 0;
                 const char *path, *p;
@@ -756,6 +761,7 @@
                         *response_text = strdup (user_answer);
                 }
 
+                memset (user_answer, '\0', strlen (user_answer));
                 g_free (user_answer);
 
                 g_debug ("GdmSessionWorker: trying to get updated username");
@@ -807,6 +813,8 @@
                                                                        messages[i],
                                                                        &response_text);
                 if (!got_response) {
+                        memset (response_text, '\0', strlen (response_text));
+                        g_free (response_text);
                         goto out;
                 }
 

Modified: trunk/gui/simple-greeter/gdm-greeter-login-window.c
==============================================================================
--- trunk/gui/simple-greeter/gdm-greeter-login-window.c	(original)
+++ trunk/gui/simple-greeter/gdm-greeter-login-window.c	Wed Mar  5 19:46:55 2008
@@ -529,6 +529,19 @@
 }
 
 static void
+delete_entry_text (GtkWidget *entry)
+{
+        const char *typed_text;
+        char       *null_text;
+
+        /* try to scrub out any secret info */
+        typed_text = gtk_entry_get_text (GTK_ENTRY (entry));
+        null_text = g_strnfill (strlen (typed_text) + 1, '\b');
+        gtk_entry_set_text (GTK_ENTRY (entry), null_text);
+        gtk_entry_set_text (GTK_ENTRY (entry), "");
+}
+
+static void
 reset_dialog (GdmGreeterLoginWindow *login_window)
 {
         GtkWidget  *entry;
@@ -537,7 +550,9 @@
         g_debug ("GdmGreeterLoginWindow: Resetting dialog");
 
         entry = glade_xml_get_widget (GDM_GREETER_LOGIN_WINDOW (login_window)->priv->xml, "auth-prompt-entry");
-        gtk_entry_set_text (GTK_ENTRY (entry), "");
+
+        delete_entry_text (entry);
+
         gtk_entry_set_visibility (GTK_ENTRY (entry), TRUE);
         set_message (login_window, "");
 
@@ -617,7 +632,7 @@
         g_debug ("GdmGreeterLoginWindow: info query: %s", text);
 
         entry = glade_xml_get_widget (GDM_GREETER_LOGIN_WINDOW (login_window)->priv->xml, "auth-prompt-entry");
-        gtk_entry_set_text (GTK_ENTRY (entry), "");
+        delete_entry_text (entry);
         gtk_entry_set_visibility (GTK_ENTRY (entry), TRUE);
         set_log_in_button_mode (login_window, LOGIN_BUTTON_ANSWER_QUERY);
 
@@ -642,7 +657,7 @@
         g_return_val_if_fail (GDM_IS_GREETER_LOGIN_WINDOW (login_window), FALSE);
 
         entry = glade_xml_get_widget (GDM_GREETER_LOGIN_WINDOW (login_window)->priv->xml, "auth-prompt-entry");
-        gtk_entry_set_text (GTK_ENTRY (entry), "");
+        delete_entry_text (entry);
         gtk_entry_set_visibility (GTK_ENTRY (entry), FALSE);
         set_log_in_button_mode (login_window, LOGIN_BUTTON_ANSWER_QUERY);