Use freezero(3) for the imsg framework in imsg_free(3) and ibuf_free(3).

In our privsep model, imsg is often used to transport sensitive
information between processes.  But a process might free an imsg, and
reuse the memory for a different thing.  iked uses some
explicit_bzero() to clean imsg-buffer but doing it in the library with
the freezero() is less error-prone and also benefits other daemons.

OK deraadt@ jsing@ claudio@

diff --git a/lib/libutil/imsg-buffer.c b/lib/libutil/imsg-buffer.c
index f12d4ef..821cb95 100644 (file)
--- a/lib/libutil/imsg-buffer.c
+++ b/lib/libutil/imsg-buffer.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: imsg-buffer.c,v 1.9 2017/03/17 14:51:26 deraadt Exp $ */
+/*     $OpenBSD: imsg-buffer.c,v 1.10 2017/04/11 09:57:19 reyk Exp $   */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -182,7 +182,7 @@ ibuf_free(struct ibuf *buf)
 {
        if (buf == NULL)
                return;
-       free(buf->buf);
+       freezero(buf->buf, buf->size);
        free(buf);
 }
 

diff --git a/lib/libutil/imsg.c b/lib/libutil/imsg.c
index ab9ef85..89d16ae 100644 (file)
--- a/lib/libutil/imsg.c
+++ b/lib/libutil/imsg.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: imsg.c,v 1.14 2017/03/24 09:34:12 nicm Exp $  */
+/*     $OpenBSD: imsg.c,v 1.15 2017/04/11 09:57:19 reyk Exp $  */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -263,7 +263,7 @@ imsg_close(struct imsgbuf *ibuf, struct ibuf *msg)
 void
 imsg_free(struct imsg *imsg)
 {
-       free(imsg->data);
+       freezero(imsg->data, imsg->hdr.len - IMSG_HEADER_SIZE);
 }
 
 int