nemunaire/eiwd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security: wipe passphrases, bind hidden stash to SSID, re-register agent

Browse source 
Wipe passphrase memory in the auth and hidden-network dialogs (explicit_bzero
on owned copies plus overwriting the elm_entry buffer before destruction) so
secrets don't linger on the heap. Bind the hidden-network passphrase stash to
its SSID with a 30s timeout, so a typo'd or out-of-range hidden connect can't
leak its passphrase to an unrelated network whose RequestPassphrase happens
to land first. Re-RegisterAgent on iwd NameOwnerChanged so PSK connects
survive systemctl restart iwd instead of silently hanging.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
nemunaire 2026-04-29 11:24:45 +07:00
commit 0ab9561d2b
8 changed files with 161 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/e_mod_main.c
View file

@ -42,6 +42,7 @@ e_modapi_shutdown(E_Module *m EINA_UNUSED)
if (!e_iwd) return 1;
e_iwd_gadget_shutdown();
e_iwd_popup_shutdown();
if (e_iwd->manager) iwd_manager_free(e_iwd->manager);
e_iwd_config_save();
if (e_iwd->conn) eldbus_connection_unref(e_iwd->conn);