Some attempt to clear the passphrase command-line argument from the memory.

diff --git a/frontend/src/main.c b/frontend/src/main.c
index e68864f..e275a99 100644 (file)
--- a/frontend/src/main.c
+++ b/frontend/src/main.c
@@ -16,6 +16,7 @@
 #include <signal.h>
 
 #define BUFF_SIZE 4096U
+
 static const CHR *const ENVV_PASSWD_NAME = T("MCRYPT_PASSWD");
 static volatile int g_interrupted = 0;
 
@@ -114,6 +115,7 @@ static int encrypt(const char* const passphrase, const CHR* const input_path, co
        }
 
        FPUTS(T("Encrypting file contents, please be patient... "), stderr);
+       fflush(stderr);
 
        uint64_t seed;
        if (mcrypt_generate_seed(&seed) != MCRYPT_SUCCESS)
@@ -140,6 +142,7 @@ static int encrypt(const char* const passphrase, const CHR* const input_path, co
        uint8_t buffer[BUFF_SIZE];
 
        FPRINTF(stderr, T("%5.1f%% "), 0.0);
+       fflush(stderr);
 
        while (bytes_read < file_size)
        {
@@ -248,6 +251,7 @@ static int decrypt(const char* const passphrase, const CHR* const input_path, co
        }
 
        FPUTS(T("Decrypting file contents, please be patient... "), stderr);
+       fflush(stderr);
 
        uint64_t seed;
        if (fread(&seed, sizeof(uint64_t), 1U, file_in) < 1U)
@@ -269,6 +273,7 @@ static int decrypt(const char* const passphrase, const CHR* const input_path, co
        const uint64_t read_limit = file_size - sizeof(uint64_t);
 
        FPRINTF(stderr, T("%5.1f%% "), 0.0);
+       fflush(stderr);
 
        while (bytes_read < read_limit)
        {
@@ -444,13 +449,15 @@ static int self_test(void)
        const char* const test_data[] = { TEST_DATA_0, TEST_DATA_1, TEST_DATA_2, TEST_DATA_3, NULL };
 
        size_t completed = 0U;
-       FPRINTF(stderr, T("Self-test is running, please be patient... %2u/%2u"), (unsigned int)completed, (unsigned int)total);
+       FPRINTF(stderr, T("Self-test is running, please be patient... %2u/%2u "), (unsigned int)completed, (unsigned int)total);
+       fflush(stderr);
 
        for (size_t i = 0U; i < 8U; ++i)
        {
                for (size_t j = 0U; test_data[j]; ++j)
                {
-                       FPRINTF(stderr, T("\b\b\b\b\b%2u/%2u"), (unsigned int)++completed, (unsigned int)total);
+                       FPRINTF(stderr, T("\b\b\b\b\b\b%2u/%2u "), (unsigned int)++completed, (unsigned int)total);
+                       fflush(stderr);
                        if (run_test(test_data[j]))
                        {
                                return 1;
@@ -545,6 +552,8 @@ int MAIN(int argc, CHR* argv[])
                return 1;
        }
 
+       mcrypt_bzero((CHR*)passphrase, STRLEN(passphrase) * sizeof(CHR));
+
        if (strlen(passphrase_buffer) < 12U)
        {
                FPUTS(T("Warning: Using a *short* passphrase; a length of 12 characters or more is recommended!\n\n"), stderr);
@@ -587,6 +596,5 @@ exiting:
                free(passphrase_buffer);
        }
 
-       mcrypt_bzero((CHR*)passphrase, STRLEN(passphrase) * sizeof(CHR));
        return result;
 }

diff --git a/frontend/src/utils.c b/frontend/src/utils.c
index 8643c2e..dd16004 100644 (file)
--- a/frontend/src/utils.c
+++ b/frontend/src/utils.c
@@ -24,6 +24,8 @@
 #define S_IFMT  _S_IFMT
 #define S_IFDIR _S_IFDIR
 #define S_IFIFO _S_IFIFO
+extern char    *const _acmdln;
+extern wchar_t *const _wcmdln;
 #else
 #if defined(__USE_LARGEFILE64) && (__USE_LARGEFILE64)
 #define STAT_T struct stat64
@@ -40,6 +42,8 @@ void init_terminal(void)
 #ifdef _WIN32
        SetErrorMode(SEM_FAILCRITICALERRORS | SEM_NOGPFAULTERRORBOX);
        _setmode(_fileno(stderr), _O_U8TEXT);
+       if (_acmdln) SecureZeroMemory(_acmdln, strlen(_acmdln) * sizeof(char));
+       if (_wcmdln) SecureZeroMemory(_wcmdln, wcslen(_wcmdln) * sizeof(wchar_t));
 #endif
 }