LibCore: Make get_password return SecretString instead of String

We shouldn't let secrets sit around in memory, as they could potentially be retrieved by an attacker, or left in memory during a core dump.
author: Brian Gianforcaro <bgianf@serenityos.org> 2021-09-11 09:53:25 -0700
committer: Andreas Kling <kling@serenityos.org> 2021-09-12 16:36:52 +0200
commit: 9e667453c7ebd7021a9203a7c8e3688887af0b48 (patch)
tree: b1b6cc92a3ef3e1a238f69d99dee3eae3d5f4767 /Userland/Utilities/passwd.cpp
parent: 3bf69027904a8a6a32c7acf6684c8e2c4f7bdefb (diff)
download: serenity-9e667453c7ebd7021a9203a7c8e3688887af0b48.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/Userland/Utilities/passwd.cpp b/Userland/Utilities/passwd.cpp
index 23a8c1c242..70860db604 100644
--- a/Userland/Utilities/passwd.cpp
+++ b/Userland/Utilities/passwd.cpp
@@ -5,6 +5,7 @@
  * SPDX-License-Identifier: BSD-2-Clause
  */
 
+#include <AK/ScopeGuard.h>
 #include <LibCore/Account.h>
 #include <LibCore/ArgsParser.h>
 #include <LibCore/GetPassword.h>
@@ -114,7 +115,7 @@ int main(int argc, char** argv)
             return 1;
         }
 
-        if (new_password.value() != new_password_retype.value()) {
+        if (new_password.value().view() != new_password_retype.value().view()) {
             warnln("Sorry, passwords don't match.");
             warnln("Password for user {} unchanged.", target_account.username());
             return 1;
author	Brian Gianforcaro <bgianf@serenityos.org>	2021-09-11 09:53:25 -0700
committer	Andreas Kling <kling@serenityos.org>	2021-09-12 16:36:52 +0200
commit	9e667453c7ebd7021a9203a7c8e3688887af0b48 (patch)
tree	b1b6cc92a3ef3e1a238f69d99dee3eae3d5f4767 /Userland/Utilities/passwd.cpp
parent	3bf69027904a8a6a32c7acf6684c8e2c4f7bdefb (diff)
download	serenity-9e667453c7ebd7021a9203a7c8e3688887af0b48.zip