[Libreoffice-commits] core.git: Branch 'libreoffice-6-0' - svl/source

[Michael Stahl]

 svl/source/misc/PasswordHelper.cxx |    4 ++++
 1 file changed, 4 insertions(+)

New commits:
commit 6561fcc13334b93e886ad392af1515df45a2ae9b
Author: Michael Stahl <mstahl at redhat.com>
Date:   Tue Feb 13 15:46:20 2018 +0100

    svl: clear temporary copies of passwords in SvlPasswordHelper
    
    This is an obvious place to start, but there might be more copies
    elsewhere.
    
    Change-Id: I3c3ea6cb54f40fe5c21c3128b55aeaad1ff74b42
    Reviewed-on: https://gerrit.libreoffice.org/49669
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Michael Stahl <mstahl at redhat.com>
    (cherry picked from commit 306cd912b5b84c02ae9b786f72963506369df649)
    Reviewed-on: https://gerrit.libreoffice.org/49720
    Reviewed-by: Eike Rathke <erack at redhat.com>

diff --git a/svl/source/misc/PasswordHelper.cxx b/svl/source/misc/PasswordHelper.cxx
index 48aa165507ee..4f8cbb655b08 100644
--- a/svl/source/misc/PasswordHelper.cxx
+++ b/svl/source/misc/PasswordHelper.cxx
@@ -33,6 +33,7 @@ void SvPasswordHelper::GetHashPasswordSHA256(uno::Sequence<sal_Int8>& rPassHash,
         ::comphelper::HashType::SHA256));
     rPassHash.realloc(hash.size());
     ::std::copy(hash.begin(), hash.end(), rPassHash.begin());
+    rtl_secureZeroMemory(const_cast<sal_Char *>(tmp.getStr()), tmp.getLength());
 }
 
 void SvPasswordHelper::GetHashPasswordSHA1UTF8(uno::Sequence<sal_Int8>& rPassHash, OUString const& rPassword)
@@ -43,6 +44,7 @@ void SvPasswordHelper::GetHashPasswordSHA1UTF8(uno::Sequence<sal_Int8>& rPassHas
         ::comphelper::HashType::SHA1));
     rPassHash.realloc(hash.size());
     ::std::copy(hash.begin(), hash.end(), rPassHash.begin());
+    rtl_secureZeroMemory(const_cast<sal_Char *>(tmp.getStr()), tmp.getLength());
 }
 
 void SvPasswordHelper::GetHashPassword(uno::Sequence<sal_Int8>& rPassHash, const sal_Char* pPass, sal_uInt32 nLen)
@@ -69,6 +71,7 @@ void SvPasswordHelper::GetHashPasswordLittleEndian(uno::Sequence<sal_Int8>& rPas
     }
 
     GetHashPassword(rPassHash, pCharBuffer.get(), nSize * sizeof(sal_Unicode));
+    rtl_secureZeroMemory(pCharBuffer.get(), nSize * sizeof(sal_Unicode));
 }
 
 void SvPasswordHelper::GetHashPasswordBigEndian(uno::Sequence<sal_Int8>& rPassHash, const OUString& sPass)
@@ -84,6 +87,7 @@ void SvPasswordHelper::GetHashPasswordBigEndian(uno::Sequence<sal_Int8>& rPassHa
     }
 
     GetHashPassword(rPassHash, pCharBuffer.get(), nSize * sizeof(sal_Unicode));
+    rtl_secureZeroMemory(pCharBuffer.get(), nSize * sizeof(sal_Unicode));
 }
 
 void SvPasswordHelper::GetHashPassword(uno::Sequence<sal_Int8>& rPassHash, const OUString& sPass)