[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[win-pv-devel] [PATCH 1/4] Don't store password longer than required

  • To: <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Owen Smith <owen.smith@xxxxxxxxxx>
  • Date: Thu, 7 Nov 2019 15:53:15 +0000
  • Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=owen.smith@xxxxxxxxxx; spf=Pass smtp.mailfrom=owen.smith@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx
  • Cc: Owen Smith <owen.smith@xxxxxxxxxx>
  • Delivery-date: Thu, 07 Nov 2019 15:53:49 +0000
  • Ironport-sdr: vdYkopOahcNU7Pr9k4nT17ofOlYEQ/xCAmBdQTWe5RQP+Oy0U0bymWvrZwK5fmd2J6W/Uz0DAE XtW52M+9/nQtWEkFFCLRSWP2L154NNIkhjfie0WuV5jIK8IkqZs3xHbp4IEt1j25Tb1nu7XK8T G/PIeC+g0obNHWuYFYmw51MtPyqLURC99vwJfkX3pRrosJAxQyX1NcS433cxGU3WokqIDgaaa2 ETrsrR3+eYkPy8sS0CrdKBj54kNWUodtQ1IlYv9wUHRfoUScrTPCjcJmZtsSynbGm33MPINUSe Yz8=
  • List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>
Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx>
---
 src/tty/tty.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/tty/tty.c b/src/tty/tty.c
index 6e340ab..035f18c 100644
--- a/src/tty/tty.c
+++ b/src/tty/tty.c
@@ -51,7 +51,6 @@ typedef struct _TTY_CONTEXT {
     TTY_STREAM          ChildStdOut;
     TTY_STREAM          Device;
     TCHAR               UserName[MAXIMUM_BUFFER_SIZE];
-    TCHAR               Password[MAXIMUM_BUFFER_SIZE];
     HANDLE              Token;
     PROCESS_INFORMATION ProcessInfo;
 } TTY_CONTEXT, *PTTY_CONTEXT;
@@ -289,7 +288,8 @@ GetLine(
 
 static BOOL
 GetCredentials(
-    VOID
+    IN  PTCHAR      Password,
+    IN  DWORD       PasswordSize
     )
 {
     PTTY_CONTEXT    Context = &TtyContext;
@@ -330,17 +330,17 @@ GetCredentials(
 
     ECHO(&Context->Device, "Password: ");
 
-    ZeroMemory(Context->Password, sizeof (Context->Password));
+    ZeroMemory(Password, PasswordSize);
 
     Success = GetLine(&Context->Device,
-                      Context->Password,
-                      sizeof (Context->Password),
+                      Password,
+                      PasswordSize,
                       &Size,
                       TRUE);
     if (!Success)
         return FALSE;
 
-    End = _tcschr(Context->Password, TEXT('\r'));
+    End = _tcschr(Password, TEXT('\r'));
     if (End == NULL)
         return FALSE;
 
@@ -448,6 +448,7 @@ _tmain(
     PTTY_CONTEXT        Context = &TtyContext;
     SECURITY_ATTRIBUTES Attributes;
     HANDLE              Handle[3];
+    TCHAR               Password[MAXIMUM_BUFFER_SIZE];
     DWORD               Index;
     BOOL                Success;
 
@@ -484,16 +485,19 @@ _tmain(
     if (Context->Device.Write == INVALID_HANDLE_VALUE)
         ExitProcess(1);
 
-    Success = GetCredentials();
+    Success = GetCredentials(Password, sizeof(Password));
     if (!Success)
         ExitProcess(1);
 
     Success = LogonUser(Context->UserName,
                         NULL,
-                        Context->Password,
+                        Password,
                         LOGON32_LOGON_INTERACTIVE,
                         LOGON32_PROVIDER_DEFAULT,
                         &Context->Token);
+
+    ZeroMemory(Password, sizeof(Password));
+
     if (!Success)
         ExitProcess(1);
 
-- 
2.16.2.windows.1


_______________________________________________
win-pv-devel mailing list
win-pv-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/win-pv-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.