Overwrite session key on exit

Fix some compiler warnings git-svn-id: https://svn.code.sf.net/p/keepassx/code/trunk@248 b624d157-de02-0410-bad0-e51aec6abb33
16 years ago · 0afbf7b534
parent 2ecca449a4
commit 0afbf7b534
10 changed files with 26 additions and 19 deletions
--- a/src/Application_X11.cpp
+++ b/src/Application_X11.cpp
@ -35,7 +35,7 @@ bool KeepassApplication::x11EventFilter(XEvent* event){
 				autoTypeGlobal->maskAltGr() | autoTypeGlobal->maskMeta();
 	}
 	
-	if (event->type==KeyPress && autoType->getShortcut().key!=0u &&
+	if (event->type==KeyPress && autoType->getShortcut().key!=0 &&
 			event->xkey.keycode == XKeysymToKeycode(event->xkey.display,HelperX11::getKeysym(autoType->getShortcut().key)) &&
 			(event->xkey.state&remove_invalid) == HelperX11::getShortcutModifierMask(autoType->getShortcut()) &&
 			focusWidget()==NULL)
--- a/src/crypto/arcfour.cpp
+++ b/src/crypto/arcfour.cpp
@ -18,12 +18,12 @@

 #include "arcfour.h"

-void CArcFour::setKey(quint8* key, int length){
+void CArcFour::setKey(quint8* key, uint length){
 	RawKey = key;
 	RawKeyLength = length;
 }

-void CArcFour::encrypt(const quint8* src, quint8* dst, int length){
+void CArcFour::encrypt(const quint8* src, quint8* dst, uint length){
 	quint8 S[256];
 	quint32 w;
 	
--- a/src/crypto/arcfour.h
+++ b/src/crypto/arcfour.h
@ -21,13 +21,13 @@

 class CArcFour{
 	public:
-		void encrypt(const quint8* src, quint8* dst, int length);
-		inline void decrypt(const quint8* src, quint8* dst, int length){encrypt(src,dst,length);} //just for readability
-		void setKey(quint8* key, int length);
+		void encrypt(const quint8* src, quint8* dst, uint length);
+		inline void decrypt(const quint8* src, quint8* dst, uint length){encrypt(src,dst,length);} //just for readability
+		void setKey(quint8* key, uint length);
 		
 	private:
 		quint8* RawKey;
-		int RawKeyLength;
+		uint RawKeyLength;
 };

 #endif
--- a/src/crypto/yarrow.cpp
+++ b/src/crypto/yarrow.cpp
@ -425,7 +425,7 @@ void randomize(void* buffer, unsigned int length){

 void strongRandomize(void* buffer, unsigned int length){
 	Q_ASSERT(yarrow256_is_seeded(&StrongCtx));
-	for(int i=0; i<length;i++)
+	for(uint i=0; i<length;i++)
 		yarrow256_random(&StrongCtx,1,(quint8*)buffer+i);	
 }

--- a/src/lib/AutoTypeGlobalX11.cpp
+++ b/src/lib/AutoTypeGlobalX11.cpp
@ -87,7 +87,7 @@ void AutoTypeGlobalX11::windowTitles(Window window, QStringList& titleList){
 	unsigned int num_children;
 	int tree = XQueryTree(dpy, window, &root, &parent, &children, &num_children);
 	if (tree && children){
-		for (int i=0; i<num_children; i++)
+		for (uint i=0; i<num_children; i++)
 			windowTitles(children[i], titleList);
 	}
 	else
@ -220,7 +220,7 @@ bool AutoTypeGlobalX11::registerGlobalShortcut(const Shortcut& s){
 		return true;
 	
 	int code=XKeysymToKeycode(dpy, HelperX11::getKeysym(s.key));
-	int mod=HelperX11::getShortcutModifierMask(s);
+	uint mod=HelperX11::getShortcutModifierMask(s);
 	
 	HelperX11::startCatchErrors();
 	XGrabKey(dpy, code, mod, windowRoot, true, GrabModeAsync, GrabModeAsync);
@ -247,7 +247,7 @@ void AutoTypeGlobalX11::unregisterGlobalShortcut(){
 	if (shortcut.key==0) return;
 	
 	int code=XKeysymToKeycode(dpy, HelperX11::getKeysym(shortcut.key));
-	int mod=HelperX11::getShortcutModifierMask(shortcut);
+	uint mod=HelperX11::getShortcutModifierMask(shortcut);
 	
 	XUngrabKey(dpy, code, mod, windowRoot);
 	XUngrabKey(dpy, code, mod | Mod2Mask, windowRoot);
--- a/src/lib/HelperX11.cpp
+++ b/src/lib/HelperX11.cpp
@ -24,10 +24,10 @@
 #ifdef GLOBAL_AUTOTYPE
 #include "AutoTypeGlobalX11.h"

-int HelperX11::getShortcutModifierMask(const Shortcut& s){
+uint HelperX11::getShortcutModifierMask(const Shortcut& s){
 	AutoTypeGlobalX11* autoTypeGlobal = static_cast<AutoTypeGlobalX11*>(autoType);
 	
-	int mod = 0;
+	uint mod = 0;
 	if (s.ctrl) mod |= ControlMask;
 	if (s.shift) mod |= ShiftMask;
 	if (s.alt) mod |= autoTypeGlobal->maskAlt();
--- a/src/lib/HelperX11.h
+++ b/src/lib/HelperX11.h
@ -34,7 +34,7 @@ class HelperX11{
 	public:
 		static KeySym getKeysym(const QChar& c);
 #ifdef GLOBAL_AUTOTYPE
-		static int getShortcutModifierMask(const Shortcut& s);
+		static uint getShortcutModifierMask(const Shortcut& s);
 #endif
 		static unsigned int keyboardModifiers(Display* d);
 		
--- a/src/lib/SecString.cpp
+++ b/src/lib/SecString.cpp
@ -18,8 +18,8 @@
 *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
 ***************************************************************************/

-using namespace std;
 CArcFour SecString::RC4;
+quint8* SecString::sessionkey;

 SecString::operator QString(){
 	return string();
@ -88,17 +88,21 @@ void SecString::overwrite(QString& str){
 	if(str.length()==0)
 		return;
 	
-	for(int i=0; i<str.length(); i++)
-		((char*)str.data())[i] = 0;
+	overwrite((unsigned char*)str.data(), str.capacity());
 }

 void SecString::generateSessionKey(){
-	quint8* sessionkey = new quint8[32];
+	sessionkey = new quint8[32];
 	lockPage(sessionkey, 32);
 	randomize(sessionkey, 32);
 	RC4.setKey(sessionkey, 32);
 }

+void SecString::deleteSessionKey() {
+	overwrite(sessionkey, 32);
+	delete[] sessionkey;
+}
+

 SecData::SecData(int len) : locked(true){
 	length = len;
@ -110,7 +114,7 @@ SecData::~SecData(){
 		for (int i=0; i<length; i++)
 			data[i] = 0;
 	}
-	delete data;
+	delete[] data;
 }

 void SecData::lock(){
--- a/src/lib/SecString.h
+++ b/src/lib/SecString.h
@ -52,9 +52,11 @@ public:
 	static void overwrite(unsigned char* str,int len);
 	static void overwrite(QString& str);
 	static void generateSessionKey();
+	static void deleteSessionKey();
 	
 private:
 	static CArcFour RC4;
+	static quint8* sessionkey;
 	bool locked;
 	QByteArray crypt;
 	QString plain;
--- a/src/main.cpp
+++ b/src/main.cpp
@ -157,6 +157,7 @@ int main(int argc, char **argv)
 	delete eventListener;

 	fileDlgHistory.save();
+	SecString::deleteSessionKey();
 	delete app;
 	delete config;
 	return r;