aboutsummaryrefslogtreecommitdiff
path: root/src/support
diff options
context:
space:
mode:
authorJohn Moffett <john.moff@gmail.com>2023-02-09 10:53:54 -0500
committerJohn Moffett <john.moff@gmail.com>2023-02-21 14:40:59 -0500
commit00a0861181cc7f4771ac2690ca6be5731c30b005 (patch)
tree2ade76775bcbc94e93698a5eb92938017d323671 /src/support
parent80f4979322b574be29c684b2e106804432420ebf (diff)
Pass all characters to SecureString including nulls
`SecureString` is a `std::string` specialization with a secure allocator. However, it's treated like a C- string (no explicit length and null-terminated). This can cause unexpected behavior. For instance, if a user enters a passphrase with an embedded null character (which is possible through Qt and the JSON-RPC), it will ignore any characters after the null, giving the user a false sense of security. Instead of assigning `SecureString` via `std::string::c_str()`, assign it via a `std::string_view` of the original. This explicitly captures the size and doesn't make any extraneous copies in memory.
Diffstat (limited to 'src/support')
-rw-r--r--src/support/allocators/secure.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/support/allocators/secure.h b/src/support/allocators/secure.h
index c6bd685189..a0918bf463 100644
--- a/src/support/allocators/secure.h
+++ b/src/support/allocators/secure.h
@@ -56,6 +56,7 @@ struct secure_allocator : public std::allocator<T> {
};
// This is exactly like std::string, but with a custom allocator.
+// TODO: Consider finding a way to make incoming RPC request.params[i] mlock()ed as well
typedef std::basic_string<char, std::char_traits<char>, secure_allocator<char> > SecureString;
#endif // BITCOIN_SUPPORT_ALLOCATORS_SECURE_H