From ae54fcfadeb52398804fa8900988bf86c0b91748 Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Sat, 21 Mar 2020 15:13:42 +1100
Subject: [PATCH] pppd: Obfuscate password argument string

After processing the argument to the 'password' option, this
overwrites the original argument on the stack with '?' characters,
and for good measure makes the argument pointer point to a constant
string "********" so as not to reveal the length of the password.
This is so that tools such as ps don't show the actual password
when displaying the process arguments.  Nevertheless, it is still
better to get the password from a file, since there is inevitably
still a window of time when the password would be visible.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
 pppd/options.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pppd/options.c b/pppd/options.c
index f1d2dc9..aecb930 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -801,6 +801,11 @@ process_option(opt, cmd, argv)
 		free(*optptr);
 	    *optptr = sv;
 	}
+	/* obfuscate original argument for things like password */
+	if (opt->flags & OPT_HIDE) {
+	    memset(*argv, '?', strlen(*argv));
+	    *argv = "********";
+	}
 	break;
 
     case o_special_noarg:
-- 
2.39.2