
List:       kde-core-devel
Subject:    KPasswordEdit patch (was Re: new widgets...)
From:       Pupeno <pupeno () pupeno ! com>
Date:       2002-09-26 14:31:36

On Thursday 26 September 2002 09:32, Alexander Kellett wrote:
> > On Thursday 26 September 2002 05:23, Thomas Zander wrote:
> > > > - KPasswordEdit: the api of this widget is rather poor returning a
> > > > const char* of the typed password (should it be a QString or
> > > > something like that ?) and there's no setPassword function.
> > >
> > > Returning a pointer to the string as typed by the user is the only way
> > > to make sure minimal copying and therefore maximum security can be
> > > reached. Please don't change that.
> >
> > I imagined that the use of a char was for security reasons... but, what
> > would happen with passwords containing unicode chars ?
> > Is still a setPassword(const char*?) method a bad idea ?
>
> anyways, if we are so security conscious why don't we also do a mlock?
>
> Alex (who's just starting reading too many man pages on his system)
Here's a patch that adds a setPassword() function to KPasswordEdit and also 
uses mlock to keep the password secure in memory as Alexander 'suggested'.
If you see any bug there, please tell me.
Can this type of thing be committed now?
Thank you.
-- 
Pupeno: pupeno@pupeno.com
http://www.pupeno.com
---
Help the hungry children of Argentina, 
please go to (and make it your homepage):
http://www.porloschicos.com/servlet/PorLosChicos?comando=donar

["securesetpassword.patch" (text/x-diff)]

Index: kpassdlg.h
===================================================================
RCS file: /home/kde/kdelibs/kdeui/kpassdlg.h,v
retrieving revision 1.19
diff -c -r1.19 kpassdlg.h
*** kpassdlg.h	2002/03/05 23:13:27	1.19
--- kpassdlg.h	2002/09/26 13:59:48
***************
*** 69,74 ****
--- 69,79 ----
      const char *password() const { return m_Password; }
  
      /**
+      * Sets the password in the widget
+      */
+     void setPassword(const char *pass);
+     
+     /**
       * Erases the current password.
       */
      void erase();
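Review bot: the doc comment on setPassword() is missing the contract a caller needs. Going by the implementation further down in this patch, the argument is copied into the widget's own buffer and cut off at 99 characters, so the comment should state both, and should say whether a null pointer is allowed (the implementation passes it straight to strlen()). It is also worth stating that only the widget's copy sits in the mlock()ed buffer; the caller's own string is not protected by this change.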
Index: kpassdlg.cpp
===================================================================
RCS file: /home/kde/kdelibs/kdeui/kpassdlg.cpp,v
retrieving revision 1.19
diff -c -r1.19 kpassdlg.cpp
*** kpassdlg.cpp	2002/04/03 15:26:26	1.19
--- kpassdlg.cpp	2002/09/26 13:59:50
***************
*** 18,23 ****
--- 18,26 ----
     Boston, MA 02111-1307, USA.
  */
  #include <unistd.h>
+ #include <sys/mman.h>
+ #include <errno.h>
+ #include <string.h>
  
  #include <qwidget.h>
  #include <qlineedit.h>
***************
*** 36,41 ****
--- 39,45 ----
  #include <kaboutdialog.h>
  #include <kconfig.h>
  #include <kstandarddirs.h>
+ #include <kdebug.h>
  
  #include <sys/time.h>
  #include <sys/resource.h>
***************
*** 81,86 ****
--- 85,93 ----
  {
      setAcceptDrops(false);
      m_Password = new char[PassLen];
+     if(!mlock(m_Password, PassLen)){
+         kdDebug() << "Failed to lock memory for the password: " << strerror(errno) \
<< " Using unsecure memroy." << endl; +     }
      m_Password[0] = '\000';
      m_Length = 0;
  }
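Review bot: the test on mlock() in the constructor is inverted. mlock() returns 0 on success and -1 with errno set on failure, so `if(!mlock(m_Password, PassLen))` takes the branch when locking succeeded and stays silent when it actually failed; strerror(errno) then reports whatever stale value errno happens to hold. Test for `mlock(m_Password, PassLen) != 0` instead. The message text also has a typo ("memroy").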
***************
*** 89,95 ****
--- 96,106 ----
  {
      for (int i=0; i<PassLen; i++)
  	m_Password[i] = '\000';
+     if(!munlock(m_Password, PassLen)){
+         kdDebug() << "Failed to unlock memory: " << strerror(errno) << endl;
+     }
      delete[] m_Password;
+     
  }
  
  
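Review bot: the munlock() test in the destructor has the same inverted sense as the mlock() one. munlock() returns 0 on success, so `if(!munlock(m_Password, PassLen))` logs "Failed to unlock memory" exactly when unlocking worked and says nothing when it failed; use `!= 0`. Note too that memory locks apply to whole pages and do not nest, so this munlock() also unlocks anything else sharing a page with m_Password, which with a plain `new char[PassLen]` allocation can include another instance's password buffer that is still in use. A page-aligned, separately allocated buffer, or at least a comment acknowledging the limitation, would address that.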
***************
*** 190,195 ****
--- 201,218 ----
  	break;
      }
  }
+ 
+ void KPasswordEdit::setPassword(const char *pass)
+ { 
+     if(strlen(pass) > 99){
+       kdDebug() << "Password being assigned is too long." << endl;
+     }
+     m_Length = (strlen(pass) > 99) ? 99 : strlen(pass);
+     strncpy(m_Password, pass, m_Length);
+     m_Password[m_Length] = '\000';
+     showPass();    
+ }
+ 
  
  
  /*
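Review bot: setPassword() hard-codes 99 in three places while the buffer is allocated as `new char[PassLen]` in the constructor; derive the limit from PassLen (PassLen - 1) so the two cannot drift apart. `pass` is handed to strlen() with no null check, and strlen(pass) is evaluated up to three times; compute it once into a local. The over-long case only logs through kdDebug() and then truncates, so the caller cannot tell that the stored password differs from what it passed; a bool return value would make that visible. Finally, when the new password is shorter than the previous one, the bytes past the new terminator keep the old content until the buffer is cleared, so zero the buffer before copying.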


