memory, threading, network hardening

Signed-off-by: Pavel Okhlopkov <pavel.okhlopkov@flant.com>
Pavel Okhlopkov 2026-04-06 21:19:37 +03:00
parent 312994be83
commit 2e8856bacd
9 changed files with 135 additions and 24 deletions


@ -68,6 +68,26 @@ void AuthHandler::disconnect() {
socket->disconnect();
socket.reset();
}
// Scrub sensitive material when tearing down the auth session.
if (!password.empty()) {
volatile char* p = const_cast<volatile char*>(password.data());
for (size_t i = 0; i < password.size(); ++i)
p[i] = '\0';
password.clear();
password.shrink_to_fit();
}
if (!sessionKey.empty()) {
volatile uint8_t* k = const_cast<volatile uint8_t*>(sessionKey.data());
for (size_t i = 0; i < sessionKey.size(); ++i)
k[i] = 0;
sessionKey.clear();
sessionKey.shrink_to_fit();
}
if (srp) {
srp->clearCredentials();
}
setState(AuthState::DISCONNECTED);
LOG_INFO("Disconnected from auth server");
}
@ -354,6 +374,16 @@ void AuthHandler::handleLogonProofResponse(network::Packet& packet) {
sessionKey = srp->getSessionKey();
setState(AuthState::AUTHENTICATED);
// Plaintext password is no longer needed — zero-fill and release it so it
// doesn't sit in process memory for the rest of the session.
if (!password.empty()) {
volatile char* p = const_cast<volatile char*>(password.data());
for (size_t i = 0; i < password.size(); ++i)
p[i] = '\0';
password.clear();
password.shrink_to_fit();
}
LOG_INFO("========================================");
LOG_INFO(" AUTHENTICATION SUCCESSFUL!");
LOG_INFO("========================================");
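Review bot: After a successful logon proof the password is wiped only in AuthHandler, while `srp` is left untouched until disconnect(), where `srp->clearCredentials()` is called. If the SRP object keeps its own copy of the password or derived secrets (its implementation is not visible here), the new comment's claim that the plaintext no longer sits in process memory for the rest of the session does not hold. If the SRP state is not needed once the proof is accepted, add `if (srp) srp->clearCredentials();` next to the password wipe in handleLogonProofResponse. The same zero-fill loop also appears three times across the two hunks and covers only `size()` bytes rather than `capacity()`, so a single file-local helper that resizes to capacity before overwriting would stop the copies drifting. A platform primitive such as `explicit_bzero` or `SecureZeroMemory` gives a sturdier guarantee against dead-store elimination than the volatile cast; both function bodies start outside the visible hunks.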