Securely overwrite (zero) user input when we finish password checks.

MFC after: 3 days X-MFC-to: stable/10
svn path=/head/; revision=280935
2015-04-01 01:22:30 +00:00 · 2015-04-01 01:22:30 +00:00 · a833f92d40 · 2020-12-20 02:59:44 +00:00
commit a833f92d40
parent 20539a9a2a
1 changed files with 14 additions and 5 deletions
--- a/sys/boot/forth/check-password.4th
+++ b/sys/boot/forth/check-password.4th
@ -78,6 +78,17 @@ variable readlen             \ input length
 	again
 ;

+: cfill ( c c-addr/u -- )
+	begin dup 0> while
+		-rot 2dup c! 1+ rot 1-
+	repeat 2drop drop
+;
+
+: read-reset ( -- )
+	0 readlen !
+	0 readval readmax cfill
+;
+
 : read ( c-addr/u -- ) \ Expects string prompt as stack input

 	0 25 at-xy           \ Move the cursor to the bottom-left
@ -127,10 +138,8 @@ variable readlen             \ input length
 		while
 			3000 ms ." loader: incorrect password" 10 emit
 		repeat
-		2drop ( c-addr/u )
-	else
-		drop ( -1 ) \ getenv cruft
-	then
+		2drop read-reset
+	else drop then

 	\ Exit if a password was not set
 	s" password" getenv -1 = if exit else drop then
@ -147,7 +156,7 @@ variable readlen             \ input length
 	begin
 		s" Password: " read ( prompt -- )
 		2dup readval readlen @ compare 0= if \ Correct password?
-			2drop exit
+			2drop read-reset exit
 		then
 		3000 ms ." loader: incorrect password" 10 emit
 	again