lib/agetpass.*: Use alloca(3) to minimize visibility of passwords

The stack should have enough space for PASS_MAX+2 allocations.

Signed-off-by: Alejandro Colomar <[email protected]>

Author: alejandro-colomar

lib/agetpass.h

@@ -8,26 +8,23 @@
 
 #include <config.h>
 
+#include <alloca.h>
 #include <errno.h>
 #include <limits.h>
 #include <readpassphrase.h>
 #include <stddef.h>
-#include <stdlib.h>
 #include <string.h>
 
 #include "alloc/malloc.h"
 #include "attr.h"
-
-#if WITH_LIBBSD == 0
-#include "freezero.h"
-#endif /* WITH_LIBBSD */
+#include "string/memset/memzero.h"
 
 
 // Similar to getpass(3), but free of its problems.
 #define agetpass(prompt)  agetpass_(prompt, RPP_REQUIRE_TTY)
 #define agetpass_stdin()  agetpass_(NULL, RPP_STDIN)
 
-#define agetpass_(...)    getpass_(MALLOC(PASS_MAX + 2, char), __VA_ARGS__)
+#define agetpass_(...)    getpass_(alloca(PASS_MAX + 2), __VA_ARGS__)
 
 
 inline void erase_pass(char *pass);
@@ -40,9 +37,6 @@ getpass_(char pass[PASS_MAX + 2], const char *prompt, int flags)
 {
 	size_t  len;
 
-	if (pass == NULL)
-		return NULL;
-
 	/*
 	 * Since we want to support passwords upto PASS_MAX, we need
 	 * PASS_MAX bytes for the password itself, and one more byte for
@@ -63,15 +57,15 @@ getpass_(char pass[PASS_MAX + 2], const char *prompt, int flags)
 	return pass;
 
 fail:
-	freezero(pass, PASS_MAX + 2);
+	memzero(pass, PASS_MAX + 2);
 	return NULL;
 }
 
 
 inline void
 erase_pass(char *pass)
 {
-	freezero(pass, PASS_MAX + 2);
+	memzero(pass, PASS_MAX + 2);
 }