commit 1e22a0f1a0348846eb56f534f101776dc445b764
author Vernon Mauery <vernon.mauery@linux.intel.com> Fri Jul 30 13:36:54 2021 -0700
committer Vernon Mauery <vernon.mauery@linux.intel.com> Wed Sep 01 02:46:32 2021 +0000
tree 56a9f78efe47ff81cbe6c0bba2f444d671527107
parent a67caed71e1553235eb5b2ae0e252e654111a382

Use SecureString where there is data to be cleansed

SecureString has quite a few places it should be used in the user
management code.

Tested: ran set password, test password, and other commands

Change-Id: Ia53bc914d25f7965c3e72d5cf18346e0fa9339b9
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

user_channel/passwd_mgr.hpp

diff --git a/user_channel/passwd_mgr.hpp b/user_channel/passwd_mgr.hpp
index 4c94480..8704f83 100644
--- a/user_channel/passwd_mgr.hpp
+++ b/user_channel/passwd_mgr.hpp
@@ -17,6 +17,7 @@
 #include <openssl/evp.h>
 
 #include <ctime>
+#include <ipmid/types.hpp>
 #include <string>
 #include <unordered_map>
 #include <vector>
@@ -45,7 +46,7 @@
      * @return password string. will return empty string, if unable to locate
      * the user
      */
-    std::string getPasswdByUserName(const std::string& userName);
+    SecureString getPasswdByUserName(const std::string& userName);
 
     /** @brief Update / clear  username and password entry for the specified
      * user
@@ -61,7 +62,7 @@
 
   private:
     using UserName = std::string;
-    using Password = std::string;
+    using Password = SecureString;
     std::unordered_map<UserName, Password> passwdMapList;
     std::time_t fileLastUpdatedTime;
 
@@ -87,7 +88,7 @@
      *
      * @return error response
      */
-    int readPasswdFileData(std::vector<uint8_t>& outBytes);
+    int readPasswdFileData(SecureString& outBytes);
     /** @brief  Updates special password file by clearing the password entry
      *  for the user specified.
      *