author | John Moffett <john.moff@gmail.com> | 2023-02-09 10:53:54 -0500 |
---|---|---|
committer | John Moffett <john.moff@gmail.com> | 2023-02-21 14:40:59 -0500 |
commit | 00a0861181cc7f4771ac2690ca6be5731c30b005 (patch) | |
tree | 2ade76775bcbc94e93698a5eb92938017d323671 /src/support | |
parent | 80f4979322b574be29c684b2e106804432420ebf (diff) |
Pass all characters to SecureString including nulls
`SecureString` is a `std::string` specialization with
a secure allocator. However, it's treated like a C-
string (no explicit length and null-terminated). This
can cause unexpected behavior. For instance, if a user
enters a passphrase with an embedded null character
(which is possible through Qt and the JSON-RPC), it will
ignore any characters after the null, giving the user
a false sense of security.
Instead of assigning `SecureString` via `std::string::c_str()`,
assign it via a `std::string_view` of the original. This
explicitly captures the size and doesn't make any extraneous
copies in memory.
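The truncation the commit message describes, shown as an added example that is not part of the commit or of Bitcoin Core. `SecureString` is stood in for by plain `std::string` (the real typedef uses `secure_allocator<char>`, which is not reproduced here), and the passphrases are constructed sample values. `FromCStr` is the pre-fix pattern (assignment through `c_str()`), `FromView` the post-fix pattern (assignment through a `std::string_view`); the two compare helpers show why the truncated form gives a false sense of security: two passphrases that differ only after an embedded null become indistinguishable.

```cpp
#include <cassert>
#include <iostream>
#include <string>
#include <string_view>

// Stand-in for Bitcoin Core's SecureString. The real typedef is
// std::basic_string<char, std::char_traits<char>, secure_allocator<char>>;
// the allocator does not affect the length-handling shown here.
using SecureString = std::string;

// Constructed sample passphrases with an embedded null byte. std::string
// keeps an explicit length, so the null and everything after it are
// part of the value (length 10, not 6).
inline std::string PassphraseA() { return std::string("hunter\0two", 10); }
inline std::string PassphraseB() { return std::string("hunter\0xyz", 10); }

// Pre-fix pattern: assigning via c_str() treats the input as a C string
// and stops at the first null, silently dropping the rest.
inline SecureString FromCStr(const std::string& input) {
    return SecureString(input.c_str());
}

// Post-fix pattern: a std::string_view carries the explicit size, so the
// full passphrase (including the null) is copied exactly once.
inline SecureString FromView(const std::string& input) {
    return SecureString(std::string_view(input));
}

// Comparing two passphrases after the truncating conversion: anything
// after the null no longer contributes, so distinct inputs look equal.
inline bool TruncatedCompare(const std::string& a, const std::string& b) {
    return FromCStr(a) == FromCStr(b);
}

// Comparing after the length-preserving conversion keeps them distinct.
inline bool FullCompare(const std::string& a, const std::string& b) {
    return FromView(a) == FromView(b);
}

int main() {
    std::cout << "c_str() length:      " << FromCStr(PassphraseA()).size() << '\n';  // 6
    std::cout << "string_view length:  " << FromView(PassphraseA()).size() << '\n';  // 10
    std::cout << "truncated equal:     " << TruncatedCompare(PassphraseA(), PassphraseB()) << '\n';  // 1
    std::cout << "full equal:          " << FullCompare(PassphraseA(), PassphraseB()) << '\n';       // 0
    return 0;
}
```

The same `std::string_view` constructor exists on the real `SecureString`, since `std::basic_string` accepts any type convertible to `std::basic_string_view` with a matching character type, regardless of allocator.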
Diffstat (limited to 'src/support')
-rw-r--r-- | src/support/allocators/secure.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/support/allocators/secure.h b/src/support/allocators/secure.h index c6bd685189..a0918bf463 100644 --- a/src/support/allocators/secure.h +++ b/src/support/allocators/secure.h @@ -56,6 +56,7 @@ struct secure_allocator : public std::allocator<T> { }; // This is exactly like std::string, but with a custom allocator. +// TODO: Consider finding a way to make incoming RPC request.params[i] mlock()ed as well typedef std::basic_string<char, std::char_traits<char>, secure_allocator<char> > SecureString; #endif // BITCOIN_SUPPORT_ALLOCATORS_SECURE_H |
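Review bot: the only change to secure.h is a TODO comment, and it does not say where the mlock() work for incoming RPC `request.params[i]` is being tracked, so it is likely to go stale next to the `SecureString` typedef; either reference the tracking issue in the comment or move the note into an issue and drop it from the header. The comment also says nothing about the embedded-null handling that motivates this commit, so a reader of secure.h alone will not learn that `SecureString` must be assigned with an explicit length (e.g. via `std::string_view`) rather than via `c_str()`; a one-line note to that effect above the typedef would be more useful than the TODO.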