author | 2019-05-21 06:38:44 +0000 | |
---|---|---|
committer | 2019-05-21 06:38:44 +0000 | |
commit | cdaf00a5cfeecc240d22b36037c80d92d25d9d7d (patch) | |
tree | 7852acb5b660e77dae170f00edaf3775ce74ebe6 | |
parent | kern.timecounter.choices: Don't offer the dummy counter as an option. (diff) | |
Use malloc_ and calloc_conceal() to allocate memory for sensitive,
private key data. We leave the corresponding freezero() calls since
the code might be ported to a system not having the conceal functions.
This also makes sure the stdio buffer is concealed. And zap a
redundant free(buf); ok gilles@
-rw-r--r-- | usr.sbin/smtpd/ssl.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c
index 7cbee5637f1..fbb9055af12 100644
--- a/usr.sbin/smtpd/ssl.c
+++ b/usr.sbin/smtpd/ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.c,v 1.90 2018/12/20 19:40:13 gilles Exp $ */
+/* $OpenBSD: ssl.c,v 1.91 2019/05/21 06:38:44 otto Exp $ */
 /*
 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -183,7 +183,7 @@ ssl_load_key(const char *name, off_t *len, char *pass, mode_t perm, const char *
 EVP_PKEY *key = NULL;
 BIO *bio = NULL;
 long size;
- char *data, *buf = NULL;
+ char *data, *buf, *filebuf;
 struct stat st;
 char mode[12];
 char prompt[2048];
@@ -196,6 +196,9 @@ ssl_load_key(const char *name, off_t *len, char *pass, mode_t perm, const char *
 */
 if ((fp = fopen(name, "r")) == NULL)
 return (NULL);
+ if ((filebuf = malloc_conceal(BUFSIZ)) == NULL)
+ goto fail;
+ setvbuf(fp, filebuf, _IOFBF, BUFSIZ);
 if (fstat(fileno(fp), &st) != 0)
 goto fail;
@@ -216,6 +219,8 @@ ssl_load_key(const char *name, off_t *len, char *pass, mode_t perm, const char *
 key = PEM_read_PrivateKey(fp, NULL, ssl_password_cb, prompt);
 fclose(fp);
 fp = NULL;
+ freezero(filebuf, BUFSIZ);
+ filebuf = NULL;
 if (key == NULL)
 goto fail;
 /*
@@ -227,7 +232,7 @@ ssl_load_key(const char *name, off_t *len, char *pass, mode_t perm, const char *
 goto fail;
 if ((size = BIO_get_mem_data(bio, &data)) <= 0)
 goto fail;
- if ((buf = calloc(1, size + 1)) == NULL)
+ if ((buf = calloc_conceal(1, size + 1)) == NULL)
 goto fail;
 memcpy(buf, data, size);
@@ -239,11 +244,11 @@ ssl_load_key(const char *name, off_t *len, char *pass, mode_t perm, const char *
 fail:
 ssl_error("ssl_load_key");
- free(buf);
 BIO_free_all(bio);
 EVP_PKEY_free(key);
 if (fp)
 fclose(fp);
+ freezero(filebuf, BUFSIZ);
 return (NULL);
 } |
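Review bot: The return value of `setvbuf(fp, filebuf, _IOFBF, BUFSIZ)` in the `@@ -196,6 +196,9 @@` hunk is ignored. If the call fails, the stream presumably keeps its default stdio buffer, so the PEM data read by PEM_read_PrivateKey() would pass through ordinary memory without the concealment this commit adds. Checking it keeps the failure visible: `if (setvbuf(fp, filebuf, _IOFBF, BUFSIZ) != 0) goto fail;`. The fail path already closes fp before `freezero(filebuf, BUFSIZ)`, so the buffer is not released while the stream still uses it. ssl_load_key's body starts and ends outside this hunk.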
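Review bot: In the `@@ -227,7 +232,7 @@` hunk only the final copy `buf` moves to concealed memory. The `data` pointer returned by BIO_get_mem_data() and the EVP_PKEY still refer to key material held in the library's own allocations, which this change does not touch. A short comment above the allocation would stop readers assuming the whole load path is concealed, for example `/* only buf is concealed; the BIO and EVP_PKEY copies stay in libcrypto's own allocations */`. Since `buf` is returned to the caller, the function's header comment could also say that the caller should release it with freezero() and the stored length; the release site is not visible in this diff, so that is worth confirming.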