I have a pointer to a GtkEntry that contains a password that's input by the user. I want to call Libsodium's secure memset function on the memory block once I'm done with the GtkEntry. Here's an invalid example that outlines what I'm trying to do:
GtkEntry *entry = GTK_ENTRY(gtk_builder_get_object(builder, "passwordEntry"));
...
const gchar *password = gtk_entry_get_text(entry);
gint length = gtk_entry_get_text_length(entry);
...
sodium_memzero(password, length); // Undefined behaviour
The API specifies for gtk_entry_get_text():
This string points to internally allocated storage in the widget and must not be freed, modified or stored.
So I'm wondering if this would otherwise be possible to do without invoking undefined behaviour?
GtkEntry uses GtkEntryBuffer for managing text. The text stored in GtkEntryBuffer is zerod when it (or the associated GtkEntry) is freed (That is, on g_object_unref)
See its source code 1 and 2.
If you want to use a better secure buffer for saving passwords you can try GcrSecureEntryBuffer. but that requires your project to depend on gcr.
Or if you truely want to use libsodium, you can subclass GtkEntryBuffer and do memory management on your own, and use that buffer to create a GtkEntry.