We got a complain from user that it is possible to create WinRAR dump with "Create dump file" command in Windows Task Manager and then easily locate Unicode password string in the dump. It is unsecure if several people share the same computer and somebody left WinRAR copy with entered password. So we decided to obfuscate the password to make it more difficult to find it in dump.
| 100 | // password. So we decided to obfuscate the password to make it more difficult |
| 101 | // to find it in dump. |
| 102 | void SecPassword::Process(const wchar *Src,size_t SrcSize,wchar *Dst,size_t DstSize,bool Encode) |
| 103 | { |
| 104 | // Source string can be shorter than destination as in case when we process |
| 105 | // -p<pwd> parameter, so we need to take into account both sizes. |
| 106 | memcpy(Dst,Src,Min(SrcSize,DstSize)*sizeof(*Dst)); |
| 107 | SecHideData(Dst,DstSize*sizeof(*Dst),Encode,CrossProcess); |
| 108 | } |
| 109 | |
| 110 | |
| 111 | void SecPassword::Get(wchar *Psw,size_t MaxSize) |
nothing calls this directly
no test coverage detected