Prevent cached passwords from being wiped (#884)

FabianHenneke · msfjarvis · commit cc2bb763980a · 2020-06-26T12:51:30.000+05:30
(cherry picked from commit 889208b) Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
diff --git a/app/src/main/java/com/zeapo/pwdstore/git/config/SshjSessionFactory.kt b/app/src/main/java/com/zeapo/pwdstore/git/config/SshjSessionFactory.kt
@@ -38,13 +38,13 @@ import kotlin.coroutines.suspendCoroutine
 sealed class SshAuthData {
     class Password(val passwordFinder: InteractivePasswordFinder) : SshAuthData() {
         override fun clearCredentials() {
-            passwordFinder.clearPassword()
+            passwordFinder.clearPasswords()
         }
     }
 
     class PublicKeyFile(val keyFile: File, val passphraseFinder: InteractivePasswordFinder) : SshAuthData() {
         override fun clearCredentials() {
-            passphraseFinder.clearPassword()
+            passphraseFinder.clearPasswords()
         }
     }
 
@@ -57,13 +57,14 @@ abstract class InteractivePasswordFinder : PasswordFinder {
 
     private var isRetry = false
     private var lastPassword: CharArray? = null
+    private val rememberToWipe: MutableList<CharArray> = mutableListOf()
 
     fun resetForReuse() {
         isRetry = false
     }
 
-    fun clearPassword() {
-        lastPassword?.clear()
+    fun clearPasswords() {
+        rememberToWipe.forEach { it.clear() }
         lastPassword = null
     }
 
@@ -73,17 +74,20 @@ abstract class InteractivePasswordFinder : PasswordFinder {
             // now being reused for a new one. We try the previous password so that the user
             // does not have to type it again.
             isRetry = true
-            return lastPassword!!
+            return lastPassword!!.clone().also { rememberToWipe.add(it) }
         }
-        clearPassword()
+        clearPasswords()
         val password = runBlocking(Dispatchers.Main) {
             suspendCoroutine<String?> { cont ->
                 askForPassword(cont, isRetry)
             }
         }
         isRetry = true
-        return password?.toCharArray()?.also { lastPassword = it }
-            ?: throw SSHException(DisconnectReason.AUTH_CANCELLED_BY_USER)
+        if (password == null)
+            throw SSHException(DisconnectReason.AUTH_CANCELLED_BY_USER)
+        val passwordChars = password.toCharArray().also { rememberToWipe.add(it) }
+        lastPassword = passwordChars
+        return passwordChars.clone().also { rememberToWipe.add(it) }
     }
 
     final override fun shouldRetry(resource: Resource<*>?) = true

Original file line number	Diff line number	Diff line change
`@@ -38,13 +38,13 @@ import kotlin.coroutines.suspendCoroutine`
`38`	`38`	`sealed class SshAuthData {`
`39`	`39`	`class Password(val passwordFinder: InteractivePasswordFinder) : SshAuthData() {`
`40`	`40`	`override fun clearCredentials() {`
`41`		`- passwordFinder.clearPassword()`
	`41`	`+ passwordFinder.clearPasswords()`
`42`	`42`	`}`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`class PublicKeyFile(val keyFile: File, val passphraseFinder: InteractivePasswordFinder) : SshAuthData() {`
`46`	`46`	`override fun clearCredentials() {`
`47`		`- passphraseFinder.clearPassword()`
	`47`	`+ passphraseFinder.clearPasswords()`
`48`	`48`	`}`
`49`	`49`	`}`
`50`	`50`
`@@ -57,13 +57,14 @@ abstract class InteractivePasswordFinder : PasswordFinder {`
`57`	`57`
`58`	`58`	`private var isRetry = false`
`59`	`59`	`private var lastPassword: CharArray? = null`
	`60`	`+ private val rememberToWipe: MutableList<CharArray> = mutableListOf()`
`60`	`61`
`61`	`62`	`fun resetForReuse() {`
`62`	`63`	`isRetry = false`
`63`	`64`	`}`
`64`	`65`
`65`		`- fun clearPassword() {`
`66`		`- lastPassword?.clear()`
	`66`	`+ fun clearPasswords() {`
	`67`	`+ rememberToWipe.forEach { it.clear() }`
`67`	`68`	`lastPassword = null`
`68`	`69`	`}`
`69`	`70`
`@@ -73,17 +74,20 @@ abstract class InteractivePasswordFinder : PasswordFinder {`
`73`	`74`	`// now being reused for a new one. We try the previous password so that the user`
`74`	`75`	`// does not have to type it again.`
`75`	`76`	`isRetry = true`
`76`		`- return lastPassword!!`
	`77`	`+ return lastPassword!!.clone().also { rememberToWipe.add(it) }`
`77`	`78`	`}`
`78`		`- clearPassword()`
	`79`	`+ clearPasswords()`
`79`	`80`	`val password = runBlocking(Dispatchers.Main) {`
`80`	`81`	`suspendCoroutine<String?> { cont ->`
`81`	`82`	`askForPassword(cont, isRetry)`
`82`	`83`	`}`
`83`	`84`	`}`
`84`	`85`	`isRetry = true`
`85`		`- return password?.toCharArray()?.also { lastPassword = it }`
`86`		`- ?: throw SSHException(DisconnectReason.AUTH_CANCELLED_BY_USER)`
	`86`	`+ if (password == null)`
	`87`	`+ throw SSHException(DisconnectReason.AUTH_CANCELLED_BY_USER)`
	`88`	`+ val passwordChars = password.toCharArray().also { rememberToWipe.add(it) }`
	`89`	`+ lastPassword = passwordChars`
	`90`	`+ return passwordChars.clone().also { rememberToWipe.add(it) }`
`87`	`91`	`}`
`88`	`92`
`89`	`93`	`final override fun shouldRetry(resource: Resource<*>?) = true`