From 5dde7bd92211c4049b75738b17532f6d6a66b37c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ivan=20=C4=8Cuki=C4=87?= Date: Mon, 8 Oct 2018 21:12:26 +0200 Subject: Erase password data on QLineEdit destruction The contents of a deleted QString can still remain in memory and can be accessible by tools that read the raw process memory. This means that a QLineEdit that serves as a password input field can leak the password after it is destroyed. With this patch, the contents of the m_text string member variable will be zeroed-out before the m_text is destructed. This is done only in the cases when the QLineEdit serves as a password field. [ChangeLog][QtWidgets][QWidgetLineControl/security] Zero-out the string that contains a password entered into the QLineEdit Change-Id: I8f88f952244bf8a0399c14acf0869439ca0a60ca Reviewed-by: Luca Beldi Reviewed-by: Eskil Abrahamsen Blomfeldt --- src/widgets/widgets/qwidgetlinecontrol_p.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/widgets/widgets/qwidgetlinecontrol_p.h b/src/widgets/widgets/qwidgetlinecontrol_p.h index 3e33bc0605..b730b415f0 100644 --- a/src/widgets/widgets/qwidgetlinecontrol_p.h +++ b/src/widgets/widgets/qwidgetlinecontrol_p.h @@ -110,6 +110,12 @@ public: ~QWidgetLineControl() { + // If this control is used for password input, we don't want the + // password data to stay in the process memory, therefore we need + // to zero it out + if (m_echoMode != QLineEdit::Normal) + m_text.fill('\0'); + delete [] m_maskData; } -- cgit v1.2.3
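Review bot: `m_text.fill('\0')` in the destructor wipes only the buffer that m_text owns at that moment, so the comment above it promises more than the code guarantees. QString is implicitly shared and fill() detaches before writing; if another QString still shares the data (for example a value previously handed to a caller), the zeros go into a fresh copy and the original characters stay on the heap, as do buffers released by earlier reallocations while the user typed. Whether other members of this class keep their own copies of the text cannot be seen from this hunk and should be checked. I would state the limit in the comment, e.g. `// Best effort: clears only m_text's current buffer; shared copies and previously freed buffers are not wiped`. The destructor body is fully visible in the hunk.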