diff options
author | Ivan Čukić <ivan.cukic@kde.org> | 2018-10-08 21:12:26 +0200 |
---|---|---|
committer | Luca Beldi <v.ronin@yahoo.it> | 2018-12-03 10:05:33 +0000 |
commit | 5dde7bd92211c4049b75738b17532f6d6a66b37c (patch) | |
tree | 8756838b93db84cd09bbbe0accdbe6c03003ce1d /src/widgets/widgets/qwidgetlinecontrol_p.h | |
parent | 79e4fe54bfc1f36df6137cce84015dbb0a52639a (diff) |
Erase password data on QLineEdit destruction
The contents of a deleted QString can still remain in memory
and can be accessible by tools that read the raw process memory.
This means that a QLineEdit that serves as a password input field
can leak the password after it is destroyed.
With this patch, the contents of the m_text string member variable
will be zeroed-out before the m_text is destructed. This is done
only in the cases when the QLineEdit serves as a password field.
[ChangeLog][QtWidgets][QWidgetLineControl/security] Zero-out the string
that contains a password entered into the QLineEdit
Change-Id: I8f88f952244bf8a0399c14acf0869439ca0a60ca
Reviewed-by: Luca Beldi <v.ronin@yahoo.it>
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
Diffstat (limited to 'src/widgets/widgets/qwidgetlinecontrol_p.h')
-rw-r--r-- | src/widgets/widgets/qwidgetlinecontrol_p.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/widgets/widgets/qwidgetlinecontrol_p.h b/src/widgets/widgets/qwidgetlinecontrol_p.h index 3e33bc0605..b730b415f0 100644 --- a/src/widgets/widgets/qwidgetlinecontrol_p.h +++ b/src/widgets/widgets/qwidgetlinecontrol_p.h @@ -110,6 +110,12 @@ public: ~QWidgetLineControl() { + // If this control is used for password input, we don't want the + // password data to stay in the process memory, therefore we need + // to zero it out + if (m_echoMode != QLineEdit::Normal) + m_text.fill('\0'); + delete [] m_maskData; } |