From 00a0861181cc7f4771ac2690ca6be5731c30b005 Mon Sep 17 00:00:00 2001 From: John Moffett Date: Thu, 9 Feb 2023 10:53:54 -0500 Subject: Pass all characters to SecureString including nulls `SecureString` is a `std::string` specialization with a secure allocator. However, it's treated like a C- string (no explicit length and null-terminated). This can cause unexpected behavior. For instance, if a user enters a passphrase with an embedded null character (which is possible through Qt and the JSON-RPC), it will ignore any characters after the null, giving the user a false sense of security. Instead of assigning `SecureString` via `std::string::c_str()`, assign it via a `std::string_view` of the original. This explicitly captures the size and doesn't make any extraneous copies in memory.
---
 src/support/allocators/secure.h | 1 + 1 file changed, 1 insertion(+) (limited to 'src/support')
diff --git a/src/support/allocators/secure.h b/src/support/allocators/secure.h
index c6bd685189..a0918bf463 100644
--- a/src/support/allocators/secure.h
+++ b/src/support/allocators/secure.h
@@ -56,6 +56,7 @@ struct secure_allocator : public std::allocator {
 };
 // This is exactly like std::string, but with a custom allocator.
+// TODO: Consider finding a way to make incoming RPC request.params[i] mlock()ed as well
 typedef std::basic_string, secure_allocator > SecureString;
 #endif // BITCOIN_SUPPORT_ALLOCATORS_SECURE_H
-- cgit v1.2.3
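Review bot: The added TODO above the `SecureString` typedef names mlock() but does not say what is actually exposed. The passphrase still sits in the ordinary `std::string` behind `request.params[i]`, outside the secure allocator, so whatever locking or wiping `SecureString` provides applies to the copy only. I would state that directly, e.g. `// TODO: request.params[i] keeps the passphrase in a plain std::string (not mlock()ed, not wiped on free); SecureString protects only the copy made from it.` Since the commit's purpose is that embedded NULs must survive, the typedef comment is also a good place to record the rule for callers: `// Construct from a std::string_view or (data, size), never from c_str(), which truncates at the first NUL.` The call sites this commit changes are not visible here, as the view is limited to 'src/support'.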