Overwrite session key on exit

Fix some compiler warnings

git-svn-id: https://svn.code.sf.net/p/keepassx/code/trunk@248 b624d157-de02-0410-bad0-e51aec6abb33

src/Application_X11.cpp

@@ -35,7 +35,7 @@ bool KeepassApplication::x11EventFilter(XEvent* event){
 				autoTypeGlobal->maskAltGr() | autoTypeGlobal->maskMeta();
 	}
 	
-	if (event->type==KeyPress && autoType->getShortcut().key!=0u &&
+	if (event->type==KeyPress && autoType->getShortcut().key!=0 &&
 			event->xkey.keycode == XKeysymToKeycode(event->xkey.display,HelperX11::getKeysym(autoType->getShortcut().key)) &&
 			(event->xkey.state&remove_invalid) == HelperX11::getShortcutModifierMask(autoType->getShortcut()) &&
 			focusWidget()==NULL)

src/crypto/arcfour.cpp

@@ -18,12 +18,12 @@
 
 #include "arcfour.h"
 
-void CArcFour::setKey(quint8* key, int length){
+void CArcFour::setKey(quint8* key, uint length){
 	RawKey = key;
 	RawKeyLength = length;
 }
 
-void CArcFour::encrypt(const quint8* src, quint8* dst, int length){
+void CArcFour::encrypt(const quint8* src, quint8* dst, uint length){
 	quint8 S[256];
 	quint32 w;
 	

src/crypto/arcfour.h

@@ -21,13 +21,13 @@
 
 class CArcFour{
 	public:
-		void encrypt(const quint8* src, quint8* dst, int length);
-		inline void decrypt(const quint8* src, quint8* dst, int length){encrypt(src,dst,length);} //just for readability
-		void setKey(quint8* key, int length);
+		void encrypt(const quint8* src, quint8* dst, uint length);
+		inline void decrypt(const quint8* src, quint8* dst, uint length){encrypt(src,dst,length);} //just for readability
+		void setKey(quint8* key, uint length);
 		
 	private:
 		quint8* RawKey;
-		int RawKeyLength;
+		uint RawKeyLength;
 };
 
 #endif

src/crypto/yarrow.cpp

@@ -425,7 +425,7 @@ void randomize(void* buffer, unsigned int length){
 
 void strongRandomize(void* buffer, unsigned int length){
 	Q_ASSERT(yarrow256_is_seeded(&StrongCtx));
-	for(int i=0; i<length;i++)
+	for(uint i=0; i<length;i++)
 		yarrow256_random(&StrongCtx,1,(quint8*)buffer+i);	
 }
 

src/lib/AutoTypeGlobalX11.cpp

@@ -87,7 +87,7 @@ void AutoTypeGlobalX11::windowTitles(Window window, QStringList& titleList){
 	unsigned int num_children;
 	int tree = XQueryTree(dpy, window, &root, &parent, &children, &num_children);
 	if (tree && children){
-		for (int i=0; i<num_children; i++)
+		for (uint i=0; i<num_children; i++)
 			windowTitles(children[i], titleList);
 	}
 	else
@@ -220,7 +220,7 @@ bool AutoTypeGlobalX11::registerGlobalShortcut(const Shortcut& s){
 		return true;
 	
 	int code=XKeysymToKeycode(dpy, HelperX11::getKeysym(s.key));
-	int mod=HelperX11::getShortcutModifierMask(s);
+	uint mod=HelperX11::getShortcutModifierMask(s);
 	
 	HelperX11::startCatchErrors();
 	XGrabKey(dpy, code, mod, windowRoot, true, GrabModeAsync, GrabModeAsync);
@@ -247,7 +247,7 @@ void AutoTypeGlobalX11::unregisterGlobalShortcut(){
 	if (shortcut.key==0) return;
 	
 	int code=XKeysymToKeycode(dpy, HelperX11::getKeysym(shortcut.key));
-	int mod=HelperX11::getShortcutModifierMask(shortcut);
+	uint mod=HelperX11::getShortcutModifierMask(shortcut);
 	
 	XUngrabKey(dpy, code, mod, windowRoot);
 	XUngrabKey(dpy, code, mod | Mod2Mask, windowRoot);

src/lib/HelperX11.cpp

@@ -24,10 +24,10 @@
 #ifdef GLOBAL_AUTOTYPE
 #include "AutoTypeGlobalX11.h"
 
-int HelperX11::getShortcutModifierMask(const Shortcut& s){
+uint HelperX11::getShortcutModifierMask(const Shortcut& s){
 	AutoTypeGlobalX11* autoTypeGlobal = static_cast<AutoTypeGlobalX11*>(autoType);
 	
-	int mod = 0;
+	uint mod = 0;
 	if (s.ctrl) mod |= ControlMask;
 	if (s.shift) mod |= ShiftMask;
 	if (s.alt) mod |= autoTypeGlobal->maskAlt();

src/lib/HelperX11.h

@@ -34,7 +34,7 @@ class HelperX11{
 	public:
 		static KeySym getKeysym(const QChar& c);
 #ifdef GLOBAL_AUTOTYPE
-		static int getShortcutModifierMask(const Shortcut& s);
+		static uint getShortcutModifierMask(const Shortcut& s);
 #endif
 		static unsigned int keyboardModifiers(Display* d);
 		

src/lib/SecString.cpp

@@ -18,8 +18,8 @@
  *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
  ***************************************************************************/
 
-using namespace std;
 CArcFour SecString::RC4;
+quint8* SecString::sessionkey;
 
 SecString::operator QString(){
 	return string();
@@ -88,17 +88,21 @@ void SecString::overwrite(QString& str){
 	if(str.length()==0)
 		return;
 	
-	for(int i=0; i<str.length(); i++)
-		((char*)str.data())[i] = 0;
+	overwrite((unsigned char*)str.data(), str.capacity());
 }
 
 void SecString::generateSessionKey(){
-	quint8* sessionkey = new quint8[32];
+	sessionkey = new quint8[32];
 	lockPage(sessionkey, 32);
 	randomize(sessionkey, 32);
 	RC4.setKey(sessionkey, 32);
 }
 
+void SecString::deleteSessionKey() {
+	overwrite(sessionkey, 32);
+	delete[] sessionkey;
+}
+
 
 SecData::SecData(int len) : locked(true){
 	length = len;
@@ -110,7 +114,7 @@ SecData::~SecData(){
 		for (int i=0; i<length; i++)
 			data[i] = 0;
 	}
-	delete data;
+	delete[] data;
 }
 
 void SecData::lock(){

src/lib/SecString.h

@@ -52,9 +52,11 @@ public:
 	static void overwrite(unsigned char* str,int len);
 	static void overwrite(QString& str);
 	static void generateSessionKey();
+	static void deleteSessionKey();
 	
 private:
 	static CArcFour RC4;
+	static quint8* sessionkey;
 	bool locked;
 	QByteArray crypt;
 	QString plain;

src/main.cpp

@@ -157,6 +157,7 @@ int main(int argc, char **argv)
 	delete eventListener;
 
 	fileDlgHistory.save();
+	SecString::deleteSessionKey();
 	delete app;
 	delete config;
 	return r;