author | 2014-08-25 07:50:25 +0000 | |
---|---|---|
committer | 2014-08-25 07:50:25 +0000 | |
commit | 8fbd7fcb8d331194584ef4043b7f4f92ada377bb (patch) | |
tree | f0df72951716ad86cd3ad90b30dadead7be9c4bf /lib | |
parent | Display usage on 2 lines. (diff) | |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@
diff looks ok tedu@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/gen/auth_subr.c | 26 | ||||
-rw-r--r-- | lib/libutil/check_expire.c | 4 |
2 files changed, 15 insertions, 15 deletions
diff --git a/lib/libc/gen/auth_subr.c b/lib/libc/gen/auth_subr.c index 398233d3f0a..cfa857c6b3d 100644 --- a/lib/libc/gen/auth_subr.c +++ b/lib/libc/gen/auth_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth_subr.c,v 1.40 2014/05/25 17:47:04 tedu Exp $ */ +/* $OpenBSD: auth_subr.c,v 1.41 2014/08/25 07:50:25 doug Exp $ */ /* * Copyright (c) 2000-2002,2004 Todd C. Miller <Todd.Miller@courtesan.com> @@ -202,7 +202,7 @@ auth_clean(auth_session_t *as) */ while ((data = as->data) != NULL) { if (as->data->len) - memset(as->data->ptr, 0, as->data->len); + explicit_bzero(as->data->ptr, as->data->len); as->data = data->next; free(data); } @@ -210,7 +210,7 @@ auth_clean(auth_session_t *as) auth_setitem(as, AUTHV_ALL, NULL); if (as->pwd != NULL) { - memset(as->pwd->pw_passwd, 0, strlen(as->pwd->pw_passwd)); + explicit_bzero(as->pwd->pw_passwd, strlen(as->pwd->pw_passwd)); free(as->pwd); as->pwd = NULL; } @@ -268,13 +268,13 @@ auth_close(auth_session_t *as) */ while ((data = as->data) != NULL) { if (as->data->len) - memset(as->data->ptr, 0, as->data->len); + explicit_bzero(as->data->ptr, as->data->len); as->data = data->next; free(data); } if (as->pwd != NULL) { - memset(as->pwd->pw_passwd, 0, strlen(as->pwd->pw_passwd)); + explicit_bzero(as->pwd->pw_passwd, strlen(as->pwd->pw_passwd)); free(as->pwd); as->pwd = NULL; } @@ -644,7 +644,7 @@ auth_setpwd(auth_session_t *as, struct passwd *pwd) if ((pwd = pw_dup(pwd)) == NULL) return (-1); /* true failure */ if (as->pwd) { - memset(as->pwd->pw_passwd, 0, strlen(as->pwd->pw_passwd)); + explicit_bzero(as->pwd->pw_passwd, strlen(as->pwd->pw_passwd)); free(as->pwd); } as->pwd = pwd; 
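Review bot: The wipe in auth_clean's data loop (@@ -202) should carry a one-line comment saying why explicit_bzero is used, because the node goes to `free(data)` two lines later and a plain memset there is a dead store the compiler may drop. Something like `/* explicit_bzero: freed right after, a memset here could be elided */` above the call would keep a later cleanup from reverting it. The same loop is repeated in auth_close (@@ -268) and a similar wipe sits in auth_call (@@ -883), so the comment applies there too, or the loop could move into one static helper that wipes and frees the list. The loop also names the same node as both `as->data` and `data`; using `data` throughout would read more clearly.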
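Review bot: `strlen(as->pwd->pw_passwd)` in auth_clean (@@ -210) assumes pw_passwd is never NULL, and nothing visible in the hunk guarantees that. auth_setpwd (@@ -644) stores a pw_dup() copy of a caller-supplied struct passwd, so a NULL field would presumably be carried over and dereferenced here during teardown. Guarding the wipe with `if (as->pwd->pw_passwd != NULL)` would make the cleanup path safe. The same wipe-then-free lines occur in auth_close (@@ -268) and auth_setpwd (@@ -644), so a static helper that wipes and frees as->pwd would keep the three copies in step.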
@@ -828,11 +828,11 @@ auth_call(auth_session_t *as, char *path, ...) if (argc >= Nargc - 1 && _auth_next_arg(as)) { if (memcmp(&nilap, &(as->ap0), sizeof(nilap)) != 0) { va_end(as->ap0); - memset(&(as->ap0), 0, sizeof(as->ap0)); + explicit_bzero(&(as->ap0), sizeof(as->ap0)); } if (memcmp(&nilap, &(as->ap), sizeof(nilap)) != 0) { va_end(as->ap); - memset(&(as->ap), 0, sizeof(as->ap)); + explicit_bzero(&(as->ap), sizeof(as->ap)); } syslog(LOG_ERR, "too many arguments"); goto fail; @@ -883,7 +883,7 @@ auth_call(auth_session_t *as, char *path, ...) as->data = data->next; if (data->len > 0) { write(pfd[0], data->ptr, data->len); - memset(data->ptr, 0, data->len); + explicit_bzero(data->ptr, data->len); } free(data); } @@ -977,12 +977,12 @@ fail: if (memcmp(&nilap, &(as->ap0), sizeof(nilap)) != 0) { va_end(as->ap0); - memset(&(as->ap0), 0, sizeof(as->ap0)); + explicit_bzero(&(as->ap0), sizeof(as->ap0)); } if (memcmp(&nilap, &(as->ap), sizeof(nilap)) != 0) { va_end(as->ap); - memset(&(as->ap), 0, sizeof(as->ap)); + explicit_bzero(&(as->ap), sizeof(as->ap)); } return (okay); } @@ -1088,13 +1088,13 @@ _auth_next_arg(auth_session_t *as) if ((arg = va_arg(as->ap0, char *)) != NULL) return (arg); va_end(as->ap0); - memset(&(as->ap0), 0, sizeof(as->ap0)); + explicit_bzero(&(as->ap0), sizeof(as->ap0)); } if (memcmp(&nilap, &(as->ap), sizeof(nilap)) != 0) { if ((arg = va_arg(as->ap, char *)) != NULL) return (arg); va_end(as->ap); - memset(&(as->ap), 0, sizeof(as->ap)); + explicit_bzero(&(as->ap), sizeof(as->ap)); } return (NULL); } diff --git a/lib/libutil/check_expire.c b/lib/libutil/check_expire.c index 8e23a67fb74..cc141311dad 100644 --- a/lib/libutil/check_expire.c +++ b/lib/libutil/check_expire.c @@ -1,4 +1,4 @@ -/* $OpenBSD: check_expire.c,v 1.9 2013/04/29 00:19:19 okan Exp $ */ +/* $OpenBSD: check_expire.c,v 1.10 2014/08/25 07:50:25 doug Exp $ */ /* * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved. 
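Review bot: The zeroing of `as->ap0` and `as->ap` after va_end() in auth_call (@@ -828) is not only erasure, and a comment should say so. The surrounding `memcmp(&nilap, ...)` tests appear to use the all-zero state as the marker for "no argument list pending", so these calls are load-bearing, e.g. `/* zeroed va_list == consumed; tested against nilap */`. nilap is declared outside the hunk, so its being all-zero is an assumption to confirm. The same end-and-clear sequence appears twice in this hunk, again at the fail: label (@@ -977) and in _auth_next_arg (@@ -1088); a static helper taking a `va_list *` would remove the repetition.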
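Review bot: In the @@ -883 hunk the result of `write(pfd[0], data->ptr, data->len)` is ignored, and the buffer is then wiped and freed regardless. A failed or short write therefore loses the authentication data silently, and the peer on the other end of pfd sees truncated input. The wipe should stay unconditional, but the result deserves a check, for example `if (write(pfd[0], data->ptr, data->len) != (ssize_t)data->len) syslog(LOG_ERR, "short write of auth data");`. The rest of auth_call lies outside the hunk, so whether this should also take the `fail` path is for the author to decide.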
@@ -129,7 +129,7 @@ login_check_expire(FILE *back, struct passwd *pwd, char *class, int lastchance) npwd = pw_dup(pwd); npwd->pw_change = 1; p = pwd_update(npwd, pwd); - memset(npwd->pw_passwd, 0, + explicit_bzero(npwd->pw_passwd, strlen(npwd->pw_passwd)); free(npwd); if (p != NULL) { |
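Review bot: `npwd = pw_dup(pwd);` in login_check_expire is dereferenced on the next line without a NULL check, so an allocation failure crashes at `npwd->pw_change = 1;` and the new explicit_bzero call would dereference the same pointer. auth_setpwd in the other file of this commit already treats pw_dup() as fallible (`if ((pwd = pw_dup(pwd)) == NULL) return (-1);`). The same test belongs here, `if ((npwd = pw_dup(pwd)) == NULL)`, followed by whatever error path this function uses; that path is outside the hunk, so the exact return value cannot be stated from here.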