To: Mike Steed <
[email protected]>
In-Reply-To: <
[email protected]>
Cc:
[email protected]
Subject: patch 5.4n.22 (was: key)
Fcc: outbox
From: Bram Moolenaar <
[email protected]>
------------
Mike Steed wrote:
> Vim makes some effort to keep the encryption key a secret, but perhaps it
> should try harder. Neither ":set all" nor ":set key" reveals the key, but
> "&key" can be used in an expression to get the current buffer's key (e.g., try
> ":echo &key").
>
> If this has not been worked on, I would like to try closing the easier
> holes.
Getting the value of 'key' in an expression could be a small security hole.
E.g., when your are gone for a moment and someone takes a quick look at your
screen.
I'm glad I can make a patch today! :-)
Patch 5.4n.22
Problem: It was possible to get the value of the encryption key in an
expression with "&key".
Solution: Always return "*****" for "&key".
Files: src/option.c
*** ../vim-5.4n/src/option.c Sun Jul 4 20:35:42 1999
--- src/option.c Fri Jul 9 21:28:17 1999
***************
*** 4328,4334 ****
if (options[opt_idx].flags & P_STRING)
{
if (stringval != NULL)
! *stringval = vim_strsave(*(char_u **)(varp));
return 0;
}
if (options[opt_idx].flags & P_NUM)
--- 4328,4342 ----
if (options[opt_idx].flags & P_STRING)
{
if (stringval != NULL)
! {
! #ifdef CRYPTV
! /* never return the value of the crypt key */
! if ((char_u **)varp == &curbuf->b_p_key)
! *stringval = vim_strsave((char_u *)"*****");
! else
! #endif
! *stringval = vim_strsave(*(char_u **)(varp));
! }
return 0;
}
if (options[opt_idx].flags & P_NUM)
--
hundred-and-one symptoms of being an internet addict:
16. You step out of your room and realize that your parents have moved and you
don't have a clue when it happened.
--/-/---- Bram Moolenaar ----
[email protected] ----
[email protected] ---\-\--
\ \ www.vim.org/iccf www.moolenaar.net www.vim.org / /
