HAVE_WRITABLE_ARGV is set if argv[] is writable on the system, and then

we attempt to hide some of the more sensitive command line arguments

diff --git a/configure.in b/configure.in
index 43a6678d876159d73ead9c7adca1727ee56d2baa..9542f00d646ed8788c703c4081ffe6d35a447add 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -318,6 +318,22 @@ if test -n "$RANDOM_FILE" ; then
         [a suitable file to read random data from])
 fi
 
+dnl **********************************************************************
+dnl Check if the operating system allows programs to write to their own argv[]
+dnl **********************************************************************
+
+AC_MSG_CHECKING([if argv can be written to])
+AC_TRY_RUN([
+int main(int argc, char ** argv) {
+       argv[0][0] = ' ';
+       return (argv[0][0] == ' ')?0:1;
+}
+       ],
+       AC_DEFINE(HAVE_WRITABLE_ARGV, 1, [Define this symbol if your OS supports changing the contents of argv])
+       AC_MSG_RESULT(yes),
+       AC_MSG_RESULT(no)
+)
+
 dnl **********************************************************************
 dnl Check for the presence of Kerberos4 libraries and headers
 dnl **********************************************************************

diff --git a/src/config.h.in b/src/config.h.in
index fdd8f65f78e8c862ea5e526f71b62a8a8079270b..b306a123e33a507432dfa428367a07df8fc249cf 100644 (file)
--- a/src/config.h.in
+++ b/src/config.h.in
@@ -35,3 +35,6 @@
 /* Define if you have the `poll' function. */
 #undef HAVE_POLL
 
+/* Define if you can write to argc[] strings */
+#undef HAVE_WRITABLE_ARGV
+

diff --git a/src/main.c b/src/main.c
index d2eaedb5946bd1776b5d206a5c164d15c480aba6..efc43f86ea1a2712176bd71b162c10107b9c58b9 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -970,6 +970,21 @@ typedef enum {
   PARAM_LAST
 } ParameterError;
 
+static void cleanarg(char *str)
+{
+#ifdef HAVE_WRITABLE_ARGV
+  /* now that GetStr has copied the contents of nextarg, wipe the next
+   * argument out so that the username:password isn't displayed in the
+   * system process list */
+  if (str) {
+    size_t len = strlen(str);
+    memset(str, ' ', len);
+  }
+#else
+  (void)str;
+#endif
+}
+
 static ParameterError getparameter(char *flag, /* f or -long-flag */
                                    char *nextarg, /* NULL if unset */
                                    bool *usedarg, /* set to TRUE if the arg
@@ -1398,6 +1413,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
         break;
       case 'e': /* private key passphrase */
         GetStr(&config->key_passwd, nextarg);
+        cleanarg(nextarg);
         break;
       case 'f': /* crypto engine */
         GetStr(&config->engine, nextarg);
@@ -1432,6 +1448,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
             GetStr(&config->key_passwd, ptr);
           }
           GetStr(&config->cert, nextarg);
+          cleanarg(nextarg);
         }
       }
       break;
@@ -1627,10 +1644,12 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
     case 'u':
       /* user:password  */
       GetStr(&config->userpwd, nextarg);
+      cleanarg(nextarg);
       break;
     case 'U':
       /* Proxy user:password  */
       GetStr(&config->proxyuserpwd, nextarg);
+      cleanarg(nextarg);
       break;
     case 'v':
       config->conf ^= CONF_VERBOSE; /* talk a lot */