From f060cb5c63923d6caec784f65f3bb0aadf52f795 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 6 Mar 2018 16:22:42 +0100
Subject: [PATCH] agent: Also evict cached items via a timer.

* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--

This change mitigates the risk of having cached items in a post mortem
dump.

GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 agent/agent.h      |  1 +
 agent/cache.c      | 20 ++++++++++++++++++++
 agent/gpg-agent.c  |  3 +++
 doc/gpg-agent.texi |  5 ++++-
 4 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/agent/agent.h b/agent/agent.h
index c2d857959..743b76595 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -450,6 +450,7 @@ int agent_clear_passphrase (ctrl_t ctrl,
 /*-- cache.c --*/
 void initialize_module_cache (void);
 void deinitialize_module_cache (void);
+void agent_cache_housekeeping (void);
 void agent_flush_cache (void);
 int agent_put_cache (const char *key, cache_mode_t cache_mode,
                      const char *data, int ttl);
diff --git a/agent/cache.c b/agent/cache.c
index 80d5f8d1e..ed5c97cd2 100644
--- a/agent/cache.c
+++ b/agent/cache.c
@@ -258,6 +258,26 @@ housekeeping (void)
 }
 
 
+void
+agent_cache_housekeeping (void)
+{
+  int res;
+
+  if (DBG_CACHE)
+    log_debug ("agent_cache_housekeeping\n");
+
+  res = npth_mutex_lock (&cache_lock);
+  if (res)
+    log_fatal ("failed to acquire cache mutex: %s\n", strerror (res));
+
+  housekeeping ();
+
+  res = npth_mutex_unlock (&cache_lock);
+  if (res)
+    log_fatal ("failed to release cache mutex: %s\n", strerror (res));
+}
+
+
 void
 agent_flush_cache (void)
 {
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index a1964ece8..bd9a471e8 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -2398,6 +2398,9 @@ handle_tick (void)
     }
 #endif
 
+  /* Need to check for expired cache entries.  */
+  agent_cache_housekeeping ();
+
   /* Check whether the homedir is still available.  */
   if (!shutdown_pending
       && (!have_homedir_inotify || !reliable_homedir_inotify)
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 3e8bd894d..4781bbdca 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -403,7 +403,10 @@ control this behavior but this command line option takes precedence.
 Set the time a cache entry is valid to @var{n} seconds.  The default
 is 600 seconds.  Each time a cache entry is accessed, the entry's
 timer is reset.  To set an entry's maximum lifetime, use
-@command{max-cache-ttl}.
+@command{max-cache-ttl}.  Note that a cached passphrase may not
+evicted immediately from memory if no client requests a cache
+operation.  This is due to an internal housekeeping function which is
+only run every few seconds.
 
 @item --default-cache-ttl-ssh @var{n}
 @opindex default-cache-ttl