fix: audit MEDIUM fixes — D-Bus race, TOCTOU, FP reset, entry clear (v0.6.11)
- fingerprint: split cleanup_dbus into a sync take_cleanup_proxy() + async perform_dbus_cleanup(). resume_async now awaits VerifyStop+Release before re-claiming, so fprintd cannot reject the Claim on a slow bus. stop() still spawns the cleanup fire-and-forget.
- fingerprint: remove failed_attempts = 0 from resume_async. An attacker with sensor control could otherwise cycle verify-match → account-fail → resume and never trip the 10-attempt cap.
- lockscreen: open the wallpaper with O_NOFOLLOW and build the texture from bytes, closing the TOCTOU between the symlink check and Texture::from_file.
- lockscreen: clear password_entry immediately after extracting the Zeroizing<String>, shortening the window the GLib GString copy stays in libc-malloc'd memory.
Generated
+1
-1
@@ -575,7 +575,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "moonlock"
|
||||
version = "0.6.9"
|
||||
version = "0.6.11"
|
||||
dependencies = [
|
||||
"gdk-pixbuf",
|
||||
"gdk4",
|
||||
|
||||
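Review bot: the `version` line for `moonlock` moves from "0.6.9" straight to "0.6.11", so 0.6.10 never appears in this lockfile. Please confirm that the lock entry was regenerated by cargo from a manifest that carries the same 0.6.11 rather than edited by hand, and say in the commit message whether 0.6.10 was released with a stale lockfile or skipped. The surrounding dependency list is unchanged in this hunk, which fits the four fixes described in the message adding no new crates.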