diff options
| author | Ivan Čukić <ivan.cukic@kde.org> | 2018-10-08 21:12:26 +0200 |
|---|---|---|
| committer | Luca Beldi <v.ronin@yahoo.it> | 2018-12-03 10:05:33 +0000 |
| commit | 5dde7bd92211c4049b75738b17532f6d6a66b37c (patch) | |
| tree | 8756838b93db84cd09bbbe0accdbe6c03003ce1d /LICENSE.QT-LICENSE-AGREEMENT-4.0 | |
| parent | 79e4fe54bfc1f36df6137cce84015dbb0a52639a (diff) | |
Erase password data on QLineEdit destruction
The contents of a deleted QString can still remain in memory
and can be accessible by tools that read the raw process memory.
This means that a QLineEdit that serves as a password input field
can leak the password after it is destroyed.
With this patch, the contents of the m_text string member variable
will be zeroed-out before the m_text is destructed. This is done
only in the cases when the QLineEdit serves as a password field.
[ChangeLog][QtWidgets][QWidgetLineControl/security] Zero-out the string
that contains a password entered into the QLineEdit
Change-Id: I8f88f952244bf8a0399c14acf0869439ca0a60ca
Reviewed-by: Luca Beldi <v.ronin@yahoo.it>
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
Diffstat (limited to 'LICENSE.QT-LICENSE-AGREEMENT-4.0')
0 files changed, 0 insertions, 0 deletions