Merge branch 'ac/readline_fix_leaks'

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/366

clients/cli/common.c

@@ -17,6 +17,7 @@
 
 #include "nm-vpn-helpers.h"
 #include "nm-client-utils.h"
+#include "nm-glib-aux/nm-secret-utils.h"
 
 #include "utils.h"
 
@@ -732,7 +733,7 @@ get_secrets_from_user (const NmcConfig *nmc_config,
 		/* No password provided, cancel the secrets. */
 		if (!pwd)
 			return FALSE;
-		g_free (secret->value);
+		nm_free_secret (secret->value);
 		secret->value = pwd;
 	}
 	return TRUE;
@@ -1005,7 +1006,7 @@ nmc_readline_echo (const NmcConfig *nmc_config,
 	va_list args;
 	gs_free char *prompt = NULL;
 	char *str;
-	HISTORY_STATE *saved_history;
+	nm_auto_free HISTORY_STATE *saved_history = NULL;
 	HISTORY_STATE passwd_history = { 0, };
 
 	va_start (args, prompt_fmt);
@@ -1018,6 +1019,10 @@ nmc_readline_echo (const NmcConfig *nmc_config,
 	if (!echo_on) {
 		saved_history = history_get_history_state ();
 		history_set_history_state (&passwd_history);
+		/* stifling history is important as it tells readline to
+		 * not store anything, otherwise sensitive data could be
+		 * leaked */
+		stifle_history (0);
 		rl_redisplay_function = nmc_secret_redisplay;
 	}
 

clients/cli/devices.c

@@ -18,6 +18,7 @@
 #include "utils.h"
 #include "common.h"
 #include "connections.h"
+#include "nm-glib-aux/nm-secret-utils.h"
 
 /* define some prompts */
 #define PROMPT_INTERFACE  _("Interface: ")
@@ -3639,7 +3640,7 @@ finish:
 	if (bssid2_arr)
 		g_byte_array_free (bssid2_arr, TRUE);
 	g_free (ssid_ask);
-	g_free (passwd_ask);
+	nm_free_secret (passwd_ask);
 
 	return nmc->return_value;
 }

libnm-core/nm-setting-wireless-security.c

@@ -13,6 +13,7 @@
 #include "nm-utils-private.h"
 #include "nm-setting-private.h"
 #include "nm-setting-wireless.h"
+#include "nm-glib-aux/nm-secret-utils.h"
 
 /**
  * SECTION:nm-setting-wireless-security
@@ -1316,33 +1317,33 @@ set_property (GObject *object, guint prop_id,
 		priv->leap_username = g_value_dup_string (value);
 		break;
 	case PROP_WEP_KEY0:
-		g_free (priv->wep_key0);
+		nm_free_secret (priv->wep_key0);
 		priv->wep_key0 = g_value_dup_string (value);
 		break;
 	case PROP_WEP_KEY1:
-		g_free (priv->wep_key1);
+		nm_free_secret (priv->wep_key1);
 		priv->wep_key1 = g_value_dup_string (value);
 		break;
 	case PROP_WEP_KEY2:
-		g_free (priv->wep_key2);
+		nm_free_secret (priv->wep_key2);
 		priv->wep_key2 = g_value_dup_string (value);
 		break;
 	case PROP_WEP_KEY3:
-		g_free (priv->wep_key3);
+		nm_free_secret (priv->wep_key3);
 		priv->wep_key3 = g_value_dup_string (value);
 		break;
 	case PROP_WEP_KEY_FLAGS:
 		priv->wep_key_flags = g_value_get_flags (value);
 		break;
 	case PROP_PSK:
-		g_free (priv->psk);
+		nm_free_secret (priv->psk);
 		priv->psk = g_value_dup_string (value);
 		break;
 	case PROP_PSK_FLAGS:
 		priv->psk_flags = g_value_get_flags (value);
 		break;
 	case PROP_LEAP_PASSWORD:
-		g_free (priv->leap_password);
+		nm_free_secret (priv->leap_password);
 		priv->leap_password = g_value_dup_string (value);
 		break;
 	case PROP_LEAP_PASSWORD_FLAGS:
@@ -1392,12 +1393,12 @@ finalize (GObject *object)
 	g_free (priv->key_mgmt);
 	g_free (priv->auth_alg);
 	g_free (priv->leap_username);
-	g_free (priv->wep_key0);
-	g_free (priv->wep_key1);
-	g_free (priv->wep_key2);
-	g_free (priv->wep_key3);
-	g_free (priv->psk);
-	g_free (priv->leap_password);
+	nm_free_secret (priv->wep_key0);
+	nm_free_secret (priv->wep_key1);
+	nm_free_secret (priv->wep_key2);
+	nm_free_secret (priv->wep_key3);
+	nm_free_secret (priv->psk);
+	nm_free_secret (priv->leap_password);
 
 	g_slist_free_full (priv->proto, g_free);
 	g_slist_free_full (priv->pairwise, g_free);