swaylock: Securely zero-out password.

- Replace char* with static array. Any chars > 1024 will be discarded.
- mlock() password buffer so it can't be written to swap.
- Clear password buffer after auth succeeds or fails.

This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519

1 files changed, 1 insertions, 2 deletions

diff --git a/include/swaylock/swaylock.h b/include/swaylock/swaylock.h
index 173e8b12..ed9fea19 100644
--- a/include/swaylock/swaylock.h
+++ b/include/swaylock/swaylock.h
@@ -24,9 +24,8 @@ struct swaylock_args {
 };
 
 struct swaylock_password {
-	size_t size;
 	size_t len;
-	char *buffer;
+	char buffer[1024];
 };
 
 struct swaylock_state {