2018-01-24

2018-01-24 13:39:32 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.Hash: Censor the password argument in crypt_hash().

Attempt to hide passwords from backtraces.

Fixes PIKE-58 (#8058).

273:    *! @seealso    *! @[crypt_md5()]    */ -  PIKEFUN string(0..127) crypt_hash(string(0..255) password, -  string(0..255) salt, int rounds) +  PIKEFUN string(0..127) crypt_hash(string password, +  string salt, int rounds) +  /* NB: We use a weaker type above to allow us to delay +  * throwing errors on wide strings until we've had +  * time to censor the password string. +  */ +  rawtype tFunc(tStr8 tStr8 tInt, tStr7);    {    struct pike_string *res;    const struct nettle_hash *meta = THIS->meta;
298:    if (rounds < 1000) rounds = 1000;    if (rounds > 999999999) rounds = 999999999;    +  /* Censor the password. */ +  push_string(password); +  args++; +  add_ref(Pike_sp[-args].u.string = MK_STRING("censored")); +     NO_WIDE_STRING(password);    NO_WIDE_STRING(salt);
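Review bot: In the first hunk (the `PIKEFUN` signature at 273), loosening the argument types from `string(0..255)` to plain `string` means the generated argument check no longer rejects wide strings, so correctness now depends on every later read of `password` and `salt` being preceded by the explicit `NO_WIDE_STRING()` calls; the comment should say so, and should also note that the added `rawtype tFunc(tStr8 tStr8 tInt, tStr7);` is what keeps the externally visible (documented) type unchanged for callers and the type checker, since a reader otherwise sees two conflicting signatures for the same function. Consider wording the comment as something like "The declared types are deliberately weak so that wide-string errors are raised only after the password has been censored; rawtype below preserves the public signature."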
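Review bot: In the second hunk (the censoring block at 298), the sequence `push_string(password); args++; add_ref(Pike_sp[-args].u.string = MK_STRING("censored"));` overwrites the original argument slot without a `free_string()`, which is only balanced because `push_string()` consumes (rather than adds) a reference, so the slot's reference has effectively moved to the new top-of-stack copy; that invariant, and the fact that `args++` is what makes the function epilogue pop the extra copy, deserve a comment since the code reads like a leak at first glance. It is also worth stating in the comment that the C variable `password` keeps pointing at the real string via the pushed copy, so the hashing code below is unaffected while a backtrace from the following `NO_WIDE_STRING(password)` now shows only "censored".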