pppd: Obfuscate password argument string

After processing the argument to the 'password' option, this
overwrites the original argument on the stack with '?' characters,
and for good measure makes the argument pointer point to a constant
string "********" so as not to reveal the length of the password.
This is so that tools such as ps don't show the actual password
when displaying the process arguments.  Nevertheless, it is still
better to get the password from a file, since there is inevitably
still a window of time when the password would be visible.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

diff --git a/pppd/options.c b/pppd/options.c
index f1d2dc9ddf36947df03d864c47241a6bb34def32..aecb930249b636035ab6a47330dac4637f4bc865 100644 (file)
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -801,6 +801,11 @@ process_option(opt, cmd, argv)
                free(*optptr);
            *optptr = sv;
        }
                free(*optptr);
            *optptr = sv;
        }

+       /* obfuscate original argument for things like password */
+       if (opt->flags & OPT_HIDE) {
+           memset(*argv, '?', strlen(*argv));
+           *argv = "********";
+       }

        break;
 
     case o_special_noarg:
        break;
 
     case o_special_noarg: