svn commit: r280935 - head/sys/boot/forth
Devin Teske
dteske at FreeBSD.org
Wed Apr 1 01:22:31 UTC 2015
Author: dteske
Date: Wed Apr 1 01:22:30 2015
New Revision: 280935
URL: https://svnweb.freebsd.org/changeset/base/280935
Log:
Securely overwrite (zero) user input when we finish password checks.
MFC after: 3 days
X-MFC-to: stable/10
Modified:
head/sys/boot/forth/check-password.4th
Modified: head/sys/boot/forth/check-password.4th
==============================================================================
--- head/sys/boot/forth/check-password.4th Wed Apr 1 01:17:36 2015 (r280934)
+++ head/sys/boot/forth/check-password.4th Wed Apr 1 01:22:30 2015 (r280935)
@@ -78,6 +78,17 @@ variable readlen \ input len
again
;
+: cfill ( c c-addr/u -- )
+ begin dup 0> while
+ -rot 2dup c! 1+ rot 1-
+ repeat 2drop drop
+;
+
+: read-reset ( -- )
+ 0 readlen !
+ 0 readval readmax cfill
+;
+
: read ( c-addr/u -- ) \ Expects string prompt as stack input
0 25 at-xy \ Move the cursor to the bottom-left
@@ -127,10 +138,8 @@ variable readlen \ input len
while
3000 ms ." loader: incorrect password" 10 emit
repeat
- 2drop ( c-addr/u )
- else
- drop ( -1 ) \ getenv cruft
- then
+ 2drop read-reset
+ else drop then
\ Exit if a password was not set
s" password" getenv -1 = if exit else drop then
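Review bot: collapsing the tail of this block to `2drop read-reset` and `else drop then` removes the stack comments `( c-addr/u )` and `( -1 ) \ getenv cruft`, which were the only explanation of what each branch discards. I would keep both comments on the new lines and add a short note that read-reset is skipped on the else branch because no input was read there.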
@@ -147,7 +156,7 @@ variable readlen \ input len
begin
s" Password: " read ( prompt -- )
2dup readval readlen @ compare 0= if \ Correct password?
- 2drop exit
+ 2drop read-reset exit
then
3000 ms ." loader: incorrect password" 10 emit
again
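Review bot: read-reset is only called on the correct-password branch before `exit`; on the incorrect branch the typed input stays in readval through the `3000 ms` delay and until the next `read`. If the intent is that user input never outlives its comparison, call read-reset on the failure path as well, for example right before `3000 ms`, or clear the buffer at the top of `read`.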