From 725cc687106d6450bf6d6878e7d2936ddc56bca9 Mon Sep 17 00:00:00 2001 From: Antonio Cardace Date: Wed, 18 Dec 2019 13:42:06 +0100 Subject: [PATCH] common: readline: fix memory leak of plain text secret After a user entered a secret it would get stored in the readline history data structure (in plain text) and eventually get leaked. This commit instructs readline to not store any secret in its history and fixes a non-related memory leak. --- clients/cli/common.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/clients/cli/common.c b/clients/cli/common.c index b5e684cecb..58879f6a51 100644 --- a/clients/cli/common.c +++ b/clients/cli/common.c @@ -1005,7 +1005,7 @@ nmc_readline_echo (const NmcConfig *nmc_config, va_list args; gs_free char *prompt = NULL; char *str; - HISTORY_STATE *saved_history; + nm_auto_free HISTORY_STATE *saved_history = NULL; HISTORY_STATE passwd_history = { 0, }; va_start (args, prompt_fmt); @@ -1018,6 +1018,10 @@ nmc_readline_echo (const NmcConfig *nmc_config, if (!echo_on) { saved_history = history_get_history_state (); history_set_history_state (&passwd_history); + /* stifling history is important as it tells readline to + * not store anything, otherwise sensitive data could be + * leaked */ + stifle_history (0); rl_redisplay_function = nmc_secret_redisplay; }