diff options
| author | Michael Stahl <mstahl@redhat.com> | 2018-02-13 15:46:20 +0100 |
|---|---|---|
| committer | Michael Stahl <mstahl@redhat.com> | 2018-02-14 10:11:11 +0100 |
| commit | 306cd912b5b84c02ae9b786f72963506369df649 (patch) | |
| tree | 8a2c92c3b8d4e46cd4319dfa13a252adcf8c9eea /svl/source/misc | |
| parent | 4f490b86c782f609dabf1355c8db4d654af4c9c4 (diff) | |
svl: clear temporary copies of passwords in SvlPasswordHelper
This is an obvious place to start, but there might be more copies
elsewhere.
Change-Id: I3c3ea6cb54f40fe5c21c3128b55aeaad1ff74b42
Reviewed-on: https://gerrit.libreoffice.org/49669
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
Diffstat (limited to 'svl/source/misc')
| -rw-r--r-- | svl/source/misc/PasswordHelper.cxx | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/svl/source/misc/PasswordHelper.cxx b/svl/source/misc/PasswordHelper.cxx index 48aa165507ee..4f8cbb655b08 100644 --- a/svl/source/misc/PasswordHelper.cxx +++ b/svl/source/misc/PasswordHelper.cxx @@ -33,6 +33,7 @@ void SvPasswordHelper::GetHashPasswordSHA256(uno::Sequence<sal_Int8>& rPassHash, ::comphelper::HashType::SHA256)); rPassHash.realloc(hash.size()); ::std::copy(hash.begin(), hash.end(), rPassHash.begin()); + rtl_secureZeroMemory(const_cast<sal_Char *>(tmp.getStr()), tmp.getLength()); } void SvPasswordHelper::GetHashPasswordSHA1UTF8(uno::Sequence<sal_Int8>& rPassHash, OUString const& rPassword) @@ -43,6 +44,7 @@ void SvPasswordHelper::GetHashPasswordSHA1UTF8(uno::Sequence<sal_Int8>& rPassHas ::comphelper::HashType::SHA1)); rPassHash.realloc(hash.size()); ::std::copy(hash.begin(), hash.end(), rPassHash.begin()); + rtl_secureZeroMemory(const_cast<sal_Char *>(tmp.getStr()), tmp.getLength()); } void SvPasswordHelper::GetHashPassword(uno::Sequence<sal_Int8>& rPassHash, const sal_Char* pPass, sal_uInt32 nLen) @@ -69,6 +71,7 @@ void SvPasswordHelper::GetHashPasswordLittleEndian(uno::Sequence<sal_Int8>& rPas } GetHashPassword(rPassHash, pCharBuffer.get(), nSize * sizeof(sal_Unicode)); + rtl_secureZeroMemory(pCharBuffer.get(), nSize * sizeof(sal_Unicode)); } void SvPasswordHelper::GetHashPasswordBigEndian(uno::Sequence<sal_Int8>& rPassHash, const OUString& sPass) @@ -84,6 +87,7 @@ void SvPasswordHelper::GetHashPasswordBigEndian(uno::Sequence<sal_Int8>& rPassHa } GetHashPassword(rPassHash, pCharBuffer.get(), nSize * sizeof(sal_Unicode)); + rtl_secureZeroMemory(pCharBuffer.get(), nSize * sizeof(sal_Unicode)); } void SvPasswordHelper::GetHashPassword(uno::Sequence<sal_Int8>& rPassHash, const OUString& sPass) |