Commit graph

7 commits

Author SHA1 Message Date
Geoff Greer ad6aa21c43 swaylock: Securely zero-out password.
- Replace char* with static array. Any chars > 1024 will be discarded.
- mlock() password buffer so it can't be written to swap.
- Clear password buffer after auth succeeds or fails.

This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519
2018-04-12 17:49:21 -07:00
Drew DeVault 5d444b34f6 Address review feedback from @emersion 2018-04-04 18:52:44 -04:00
Drew DeVault 0138f79b4a Move extra roundtrip into password.c 2018-04-04 18:47:49 -04:00
Drew DeVault 62a736a196 Actually let's not do that TODO 2018-04-04 18:47:48 -04:00
Drew DeVault d053acbed6 R E N D E R I N G 2018-04-04 18:47:48 -04:00
Drew DeVault e902de34db Verify passwords 2018-04-04 18:47:48 -04:00
Drew DeVault 066143adef Add password buffer, refactor rendering/surfaces 2018-04-04 18:47:48 -04:00