author | Lars Ingebrigtsen <larsi@gnus.org> | 2019-09-20 21:25:47 +0200 |
---|---|---|
committer | Lars Ingebrigtsen <larsi@gnus.org> | 2019-09-20 22:10:52 +0200 |
commit | a420f13155b71b68b964a51ff326ccdf441c2811 (patch) | |
tree | f4b1b4825ce725ba032053a5c2c9e35bb204bf79 /lisp | |
parent | 6d50010b34dbbcb90a7b4512f97e07fd8beceea5 (diff) | |
Obfuscate auth-source secrets more
* lisp/auth-source.el (auth-source-netrc-normalize): Obfuscate
passwords stored in the lexical closure (bug#37196).
Diffstat (limited to 'lisp')
-rw-r--r-- | lisp/auth-source.el | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/lisp/auth-source.el b/lisp/auth-source.el
index 7d8657da110..83ed90a87f2 100644
--- a/lisp/auth-source.el
+++ b/lisp/auth-source.el
@@ -1132,11 +1132,15 @@ FILE is the file from which we obtained this token."
 ((member k '("password")) "secret") (t k)))
- ;; send back the secret in a function (lexical binding)
+ ;; Send back the secret in a function (lexical
+ ;; binding). We slightly obfuscate the passwords
+ ;; (that's the "(mapcar #+' ..)" stuff) to avoid
+ ;; showing the passwords in clear text in backtraces
+ ;; and the like.
 (when (equal k "secret")
- (setq v (let ((lexv v)
+ (setq v (let ((lexv (mapcar #'1+ v))
 (token-decoder nil))
- (when (string-match "^gpg:" lexv)
+ (when (string-match "^gpg:" v)
 ;; it's a GPG token: create a token decoder
 ;; which unsets itself once
 (setq token-decoder
@@ -1147,9 +1151,11 @@ FILE is the file from which we obtained this token."
 filename) (setq token-decoder nil))))) (lambda ()
- (when token-decoder
- (setq lexv (funcall token-decoder lexv)))
- lexv))))
+ (if token-decoder
+ (funcall token-decoder
+ (apply #'string
+ (mapcar #'1- lexv)))
+ (apply #'string (mapcar #'1- lexv)))))))
 (setq ret (plist-put ret (auth-source--symbol-keyword k) v)))) |
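Review bot: The added comment in the first hunk cites `"(mapcar #+' ..)"`, which matches neither call in the new code; the forms actually used are `(mapcar #'1+ v)` here and `(mapcar #'1- lexv)` in the second hunk. The comment should also say plainly that this is a reversible one-step character shift and not encryption: anything that can call or inspect the closure still recovers the secret, so the change only keeps the clear text out of printed backtraces and similar output. Suggested wording for the third comment line: `;; (that's the "(mapcar #'1+ ..)" stuff; a reversible shift, not encryption) to avoid`. The enclosing function starts and ends outside the hunk.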
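Review bot: In the second hunk a `gpg:` secret is decoded only on the first call of the returned lambda, because the `if` branch no longer stores the decoder's result. The context lines show the decoder setting `token-decoder` to nil after one use, so a second call takes the else branch and returns the de-obfuscated original `gpg:` token text instead of the decoded secret. The removed code kept the result with `(setq lexv (funcall token-decoder lexv))`; the new lambda should do the same, shifting the decoded value again before storing it. The decoder's body lies between the two hunks and is not fully visible here, so confirm against the whole file. A regression test that calls the secret function twice for a `gpg:` entry would pin this.

```elisp
(lambda ()
  ;; Decode a GPG token once and keep the decoded value (shifted
  ;; again), so later calls return the secret rather than the token.
  ;; NOTE(review): assumes the decoder returns a string; a nil result
  ;; would come back as "" here -- confirm that is acceptable.
  (when token-decoder
    (setq lexv (mapcar #'1+
                       (funcall token-decoder
                                (apply #'string (mapcar #'1- lexv))))))
  (apply #'string (mapcar #'1- lexv)))
;; … unchanged: closing of the enclosing let / setq / when forms …
```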