To: Mike Steed
In-Reply-To: <19990709154511.521.qmail@nwcst290.netaddress.usa.net>
Cc: vim-dev@vim.org
Subject: patch 5.4n.22 (was: key)
Fcc: outbox
From: Bram Moolenaar
------------

Mike Steed wrote:

> Vim makes some effort to keep the encryption key a secret, but perhaps it
> should try harder. Neither ":set all" nor ":set key" reveals the key, but
> "&key" can be used in an expression to get the current buffer's key (e.g., try
> ":echo &key").
>
> If this has not been worked on, I would like to try closing the easier
> holes.

Getting the value of 'key' in an expression could be a small security hole.
E.g., when you are gone for a moment and someone takes a quick look at your
screen. I'm glad I can make a patch today! :-)

Patch 5.4n.22
Problem: It was possible to get the value of the encryption key in an expression with "&key".
Solution: Always return "*****" for "&key".
Files: src/option.c

*** ../vim-5.4n/src/option.c Sun Jul 4 20:35:42 1999 --- src/option.c Fri Jul 9 21:28:17 1999 *************** *** 4328,4334 **** if (options[opt_idx].flags & P_STRING) { if (stringval != NULL) ! *stringval = vim_strsave(*(char_u **)(varp)); return 0; } if (options[opt_idx].flags & P_NUM) --- 4328,4342 ---- if (options[opt_idx].flags & P_STRING) { if (stringval != NULL) ! { ! #ifdef CRYPTV ! /* never return the value of the crypt key */ ! if ((char_u **)varp == &curbuf->b_p_key) ! *stringval = vim_strsave((char_u *)"*****"); ! else ! #endif ! *stringval = vim_strsave(*(char_u **)(varp)); ! } return 0; } if (options[opt_idx].flags & P_NUM)

--
hundred-and-one symptoms of being an internet addict:
16. You step out of your room and realize that your parents have moved and
    you don't have a clue when it happened.

--/-/---- Bram Moolenaar ---- Bram@moolenaar.net ---- Bram@vim.org ---\-\--
  \ \    www.vim.org/iccf      www.moolenaar.net       www.vim.org    / /
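
Review bot: In the added CRYPTV block the key is recognised by address, "(char_u **)varp == &curbuf->b_p_key", so the value is masked only while varp is resolved against curbuf at this point in the P_STRING branch; a per-option flag tested next to P_STRING would tie the masking to the option itself rather than to where its storage lives. The "else" that ends inside the #ifdef and picks up the statement after the #endif is easy to break in a later edit, so bracing both branches would make it sturdier. The fixed "*****" is returned whether or not a key is set, which hides the key's length but also means an expression can no longer tell an empty key from a set one; if that is intended, it deserves a line in the documentation for 'key'.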