diff --git a/crates/askpass/src/encrypted_password.rs b/crates/askpass/src/encrypted_password.rs index f027faa2cda163e0aa5344623991e7082a0983ec..2684f76e8992fa5f33bbeb07996e834fccbf04fa 100644 --- a/crates/askpass/src/encrypted_password.rs +++ b/crates/askpass/src/encrypted_password.rs @@ -63,12 +63,14 @@ impl TryFrom<&str> for EncryptedPassword { if padded_length != len { value.resize(padded_length as usize, 0); } - unsafe { - CryptProtectMemory( - value.as_mut_ptr() as _, - len, - CRYPTPROTECTMEMORY_SAME_PROCESS, - )?; + if len != 0 { + unsafe { + CryptProtectMemory( + value.as_mut_ptr() as _, + len, + CRYPTPROTECTMEMORY_SAME_PROCESS, + )?; + } } Ok(Self(value, len)) } @@ -91,19 +93,22 @@ pub(crate) fn decrypt(mut password: EncryptedPassword) -> Result { password.0.len(), CRYPTPROTECTMEMORY_BLOCK_SIZE ); - unsafe { - CryptUnprotectMemory( - password.0.as_mut_ptr() as _, - password.1, - CRYPTPROTECTMEMORY_SAME_PROCESS, - ) - .context("while decrypting a SSH password")? - }; + if password.1 != 0 { + unsafe { + CryptUnprotectMemory( + password.0.as_mut_ptr() as _, + password.1, + CRYPTPROTECTMEMORY_SAME_PROCESS, + ) + .context("while decrypting a SSH password")? + }; - { - // Remove padding - _ = password.0.drain(password.1 as usize..); + { + // Remove padding + _ = password.0.drain(password.1 as usize..); + } } + Ok(String::from_utf8(std::mem::take(&mut password.0))?) } #[cfg(not(windows))] diff --git a/crates/remote/src/transport/ssh.rs b/crates/remote/src/transport/ssh.rs index 2afed3f900012e969135b82bae627b5e4a9ddac2..cd6e73d0a710840f4dd6740fe1521a75a797e440 100644 --- a/crates/remote/src/transport/ssh.rs +++ b/crates/remote/src/transport/ssh.rs @@ -354,6 +354,7 @@ impl SshRemoteConnection { &temp_dir, askpass .get_password() + .or_else(|| askpass::EncryptedPassword::try_from("").ok()) .context("Failed to fetch askpass password")?, )?; drop(askpass);