From 8fbd7fcb8d331194584ef4043b7f4f92ada377bb Mon Sep 17 00:00:00 2001 From: doug Date: Mon, 25 Aug 2014 07:50:25 +0000 Subject: [PATCH] Delete secret or secret-derived data with explicit_bzero. concept ok deraadt@ diff looks ok tedu@ --- bin/systrace/systrace.c | 4 ++-- lib/libc/gen/auth_subr.c | 26 +++++++++++++------------- lib/libutil/check_expire.c | 4 ++-- libexec/ftpd/ftpd.c | 4 ++-- libexec/ftpd/monitor.c | 4 ++-- sbin/iked/ikev2_msg.c | 4 ++-- usr.bin/gzsig/sign.c | 4 ++-- usr.bin/gzsig/ssh.c | 4 ++-- usr.sbin/cron/entry.c | 4 ++-- usr.sbin/ikectl/ikeca.c | 4 ++-- usr.sbin/ldapd/ldapd.c | 4 ++-- usr.sbin/pwd_mkdb/pwd_mkdb.c | 4 ++-- usr.sbin/smtpd/smtpd.c | 4 ++-- usr.sbin/smtpd/ssl.c | 6 +++--- 14 files changed, 40 insertions(+), 40 deletions(-) diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c index 86fac087890..7a57f77c7cf 100644 --- a/bin/systrace/systrace.c +++ b/bin/systrace/systrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: systrace.c,v 1.59 2014/08/09 22:44:15 guenther Exp $ */ +/* $OpenBSD: systrace.c,v 1.60 2014/08/25 07:50:25 doug Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -576,7 +576,7 @@ get_uid_gid(const char *argument, uid_t *uid, gid_t *gid) u = strsep(&g, ":"); if ((pw = getpwnam(u)) != NULL) { - memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); + explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd)); *uid = pw->pw_uid; *gid = pw->pw_gid; /* Ok if group not specified. */ diff --git a/lib/libc/gen/auth_subr.c b/lib/libc/gen/auth_subr.c index 398233d3f0a..cfa857c6b3d 100644 --- a/lib/libc/gen/auth_subr.c +++ b/lib/libc/gen/auth_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth_subr.c,v 1.40 2014/05/25 17:47:04 tedu Exp $ */ +/* $OpenBSD: auth_subr.c,v 1.41 2014/08/25 07:50:25 doug Exp $ */ /* * Copyright (c) 2000-2002,2004 Todd C. Miller @@ -202,7 +202,7 @@ auth_clean(auth_session_t *as) */ while ((data = as->data) != NULL) { if (as->data->len) - memset(as->data->ptr, 0, as->data->len); + explicit_bzero(as->data->ptr, as->data->len); as->data = data->next; free(data); } @@ -210,7 +210,7 @@ auth_clean(auth_session_t *as) auth_setitem(as, AUTHV_ALL, NULL); if (as->pwd != NULL) { - memset(as->pwd->pw_passwd, 0, strlen(as->pwd->pw_passwd)); + explicit_bzero(as->pwd->pw_passwd, strlen(as->pwd->pw_passwd)); free(as->pwd); as->pwd = NULL; } @@ -268,13 +268,13 @@ auth_close(auth_session_t *as) */ while ((data = as->data) != NULL) { if (as->data->len) - memset(as->data->ptr, 0, as->data->len); + explicit_bzero(as->data->ptr, as->data->len); as->data = data->next; free(data); } if (as->pwd != NULL) { - memset(as->pwd->pw_passwd, 0, strlen(as->pwd->pw_passwd)); + explicit_bzero(as->pwd->pw_passwd, strlen(as->pwd->pw_passwd)); free(as->pwd); as->pwd = NULL; } @@ -644,7 +644,7 @@ auth_setpwd(auth_session_t *as, struct passwd *pwd) if ((pwd = pw_dup(pwd)) == NULL) return (-1); /* true failure */ if (as->pwd) { - memset(as->pwd->pw_passwd, 0, strlen(as->pwd->pw_passwd)); + explicit_bzero(as->pwd->pw_passwd, strlen(as->pwd->pw_passwd)); free(as->pwd); } as->pwd = pwd; @@ -828,11 +828,11 @@ auth_call(auth_session_t *as, char *path, ...) if (argc >= Nargc - 1 && _auth_next_arg(as)) { if (memcmp(&nilap, &(as->ap0), sizeof(nilap)) != 0) { va_end(as->ap0); - memset(&(as->ap0), 0, sizeof(as->ap0)); + explicit_bzero(&(as->ap0), sizeof(as->ap0)); } if (memcmp(&nilap, &(as->ap), sizeof(nilap)) != 0) { va_end(as->ap); - memset(&(as->ap), 0, sizeof(as->ap)); + explicit_bzero(&(as->ap), sizeof(as->ap)); } syslog(LOG_ERR, "too many arguments"); goto fail; @@ -883,7 +883,7 @@ auth_call(auth_session_t *as, char *path, ...) as->data = data->next; if (data->len > 0) { write(pfd[0], data->ptr, data->len); - memset(data->ptr, 0, data->len); + explicit_bzero(data->ptr, data->len); } free(data); } @@ -977,12 +977,12 @@ fail: if (memcmp(&nilap, &(as->ap0), sizeof(nilap)) != 0) { va_end(as->ap0); - memset(&(as->ap0), 0, sizeof(as->ap0)); + explicit_bzero(&(as->ap0), sizeof(as->ap0)); } if (memcmp(&nilap, &(as->ap), sizeof(nilap)) != 0) { va_end(as->ap); - memset(&(as->ap), 0, sizeof(as->ap)); + explicit_bzero(&(as->ap), sizeof(as->ap)); } return (okay); } @@ -1088,13 +1088,13 @@ _auth_next_arg(auth_session_t *as) if ((arg = va_arg(as->ap0, char *)) != NULL) return (arg); va_end(as->ap0); - memset(&(as->ap0), 0, sizeof(as->ap0)); + explicit_bzero(&(as->ap0), sizeof(as->ap0)); } if (memcmp(&nilap, &(as->ap), sizeof(nilap)) != 0) { if ((arg = va_arg(as->ap, char *)) != NULL) return (arg); va_end(as->ap); - memset(&(as->ap), 0, sizeof(as->ap)); + explicit_bzero(&(as->ap), sizeof(as->ap)); } return (NULL); } diff --git a/lib/libutil/check_expire.c b/lib/libutil/check_expire.c index 8e23a67fb74..cc141311dad 100644 --- a/lib/libutil/check_expire.c +++ b/lib/libutil/check_expire.c @@ -1,4 +1,4 @@ -/* $OpenBSD: check_expire.c,v 1.9 2013/04/29 00:19:19 okan Exp $ */ +/* $OpenBSD: check_expire.c,v 1.10 2014/08/25 07:50:25 doug Exp $ */ /* * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved. @@ -129,7 +129,7 @@ login_check_expire(FILE *back, struct passwd *pwd, char *class, int lastchance) npwd = pw_dup(pwd); npwd->pw_change = 1; p = pwd_update(npwd, pwd); - memset(npwd->pw_passwd, 0, + explicit_bzero(npwd->pw_passwd, strlen(npwd->pw_passwd)); free(npwd); if (p != NULL) { diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c index c9ff691b4dd..98c34db3359 100644 --- a/libexec/ftpd/ftpd.c +++ b/libexec/ftpd/ftpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ftpd.c,v 1.203 2014/03/24 16:41:27 tedu Exp $ */ +/* $OpenBSD: ftpd.c,v 1.204 2014/08/25 07:50:25 doug Exp $ */ /* $NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $ */ /* @@ -695,7 +695,7 @@ sgetpwnam(char *name, struct passwd *pw) /* NOTREACHED */ } if (old) { - memset(old->pw_passwd, 0, strlen(old->pw_passwd)); + explicit_bzero(old->pw_passwd, strlen(old->pw_passwd)); free(old); } return (save); diff --git a/libexec/ftpd/monitor.c b/libexec/ftpd/monitor.c index 9983dc010da..0f42cb7416d 100644 --- a/libexec/ftpd/monitor.c +++ b/libexec/ftpd/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.20 2009/06/04 01:12:39 sthen Exp $ */ +/* $OpenBSD: monitor.c,v 1.21 2014/08/25 07:50:25 doug Exp $ */ /* * Copyright (c) 2004 Moritz Jodeit @@ -292,7 +292,7 @@ handle_cmds(void) preauth_slave_pid = slave_pid; auth = pass(pw); - bzero(pw, len); + explicit_bzero(pw, len); free(pw); switch (auth) { diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c index 2b2c51c5269..abd25c4462f 100644 --- a/sbin/iked/ikev2_msg.c +++ b/sbin/iked/ikev2_msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_msg.c,v 1.35 2014/05/07 13:04:01 markus Exp $ */ +/* $OpenBSD: ikev2_msg.c,v 1.36 2014/08/25 07:50:25 doug Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -408,7 +408,7 @@ ikev2_msg_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf *src) if ((ptr = ibuf_advance(dst, integrlen)) == NULL) goto done; - bzero(ptr, integrlen); + explicit_bzero(ptr, integrlen); log_debug("%s: length %zu, padding %d, output length %zu", __func__, len + sizeof(pad), pad, ibuf_size(dst)); diff --git a/usr.bin/gzsig/sign.c b/usr.bin/gzsig/sign.c index 7795a85cb61..8bf7864e9cb 100644 --- a/usr.bin/gzsig/sign.c +++ b/usr.bin/gzsig/sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sign.c,v 1.13 2013/03/10 10:36:57 tobias Exp $ */ +/* $OpenBSD: sign.c,v 1.14 2014/08/25 07:50:26 doug Exp $ */ /* * sign.c @@ -206,7 +206,7 @@ sign_passwd_cb(char *buf, int size, int rwflag, void *u) p = getpass("Enter passphrase: "); if (strlcpy(buf, p, size) >= size) errx(1, "Passphrase too long"); - memset(p, 0, strlen(p)); + explicit_bzero(p, strlen(p)); } return (strlen(buf)); diff --git a/usr.bin/gzsig/ssh.c b/usr.bin/gzsig/ssh.c index e7911411f92..b99cf89ce5b 100644 --- a/usr.bin/gzsig/ssh.c +++ b/usr.bin/gzsig/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.3 2014/04/16 05:16:39 miod Exp $ */ +/* $OpenBSD: ssh.c,v 1.4 2014/08/25 07:50:26 doug Exp $ */ /* * ssh.c @@ -252,7 +252,7 @@ load_ssh1_private(RSA *rsa, struct iovec *iov) MD5_Update(&md, (const u_char *)pass, strlen(pass)); MD5_Final(digest, &md); - memset(pass, 0, strlen(pass)); + explicit_bzero(pass, strlen(pass)); if ((dstate = des3_init(digest, sizeof(digest))) == NULL) return (-1); diff --git a/usr.sbin/cron/entry.c b/usr.sbin/cron/entry.c index 8d391ed95fc..8d200ece024 100644 --- a/usr.sbin/cron/entry.c +++ b/usr.sbin/cron/entry.c @@ -1,4 +1,4 @@ -/* $OpenBSD: entry.c,v 1.33 2011/05/19 15:00:17 phessler Exp $ */ +/* $OpenBSD: entry.c,v 1.34 2014/08/25 07:50:26 doug Exp $ */ /* * Copyright 1988,1990,1993,1994 by Paul Vixie @@ -271,7 +271,7 @@ load_entry(FILE *file, void (*error_func)(const char *), struct passwd *pw, ecode = e_memory; goto eof; } - bzero(e->pwd->pw_passwd, strlen(e->pwd->pw_passwd)); + explicit_bzero(e->pwd->pw_passwd, strlen(e->pwd->pw_passwd)); /* copy and fix up environment. some variables are just defaults and * others are overrides. diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c index c66fbb65cd4..cb19ba94ec3 100644 --- a/usr.sbin/ikectl/ikeca.c +++ b/usr.sbin/ikectl/ikeca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikeca.c,v 1.27 2014/07/20 01:38:40 guenther Exp $ */ +/* $OpenBSD: ikeca.c,v 1.28 2014/08/25 07:50:26 doug Exp $ */ /* * Copyright (c) 2010 Jonathan Gray @@ -795,7 +795,7 @@ ca_revoke(struct ca *ca, char *keyname) pass, ca->sslpath, ca->sslpath); system(cmd); - bzero(pass, len); + explicit_bzero(pass, len); free(pass); return (0); diff --git a/usr.sbin/ldapd/ldapd.c b/usr.sbin/ldapd/ldapd.c index 94c039f913f..4dfd3557fe5 100644 --- a/usr.sbin/ldapd/ldapd.c +++ b/usr.sbin/ldapd/ldapd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldapd.c,v 1.10 2013/11/02 13:31:51 deraadt Exp $ */ +/* $OpenBSD: ldapd.c,v 1.11 2014/08/25 07:50:26 doug Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk @@ -298,7 +298,7 @@ ldapd_auth_classful(char *name, char *password) auth_setitem(as, AUTHV_SERVICE, "response"); auth_setdata(as, "", 1); auth_setdata(as, password, strlen(password) + 1); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); } else as = NULL; diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c index ba75c34a06f..02ff7493a86 100644 --- a/usr.sbin/pwd_mkdb/pwd_mkdb.c +++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pwd_mkdb.c,v 1.44 2014/05/20 01:25:24 guenther Exp $ */ +/* $OpenBSD: pwd_mkdb.c,v 1.45 2014/08/25 07:50:26 doug Exp $ */ /*- * Copyright (c) 1991, 1993, 1994 @@ -591,7 +591,7 @@ db_store(FILE *fp, FILE *oldfp, DB *edp, DB *dp, struct passwd *pw, /* Star out password to make insecure record. */ p = buf + strlen(pw->pw_name) + 1; /* skip pw_name */ len = strlen(pw->pw_passwd); - memset(p, 0, len); /* zero pw_passwd */ + explicit_bzero(p, len); /* zero pw_passwd */ t = p + len + 1; /* skip pw_passwd */ if (len != 0) *p++ = '*'; diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c index 1fbb9117031..5b118d32c46 100644 --- a/usr.sbin/smtpd/smtpd.c +++ b/usr.sbin/smtpd/smtpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.c,v 1.234 2014/07/10 15:54:55 eric Exp $ */ +/* $OpenBSD: smtpd.c,v 1.235 2014/08/25 07:50:26 doug Exp $ */ /* * Copyright (c) 2008 Gilles Chehade @@ -589,7 +589,7 @@ main(int argc, char *argv[]) err(1, "getpass"); env->sc_queue_key = strdup(password); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); if (env->sc_queue_key == NULL) err(1, "strdup"); } diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c index 270787a7039..ab2de87946c 100644 --- a/usr.sbin/smtpd/ssl.c +++ b/usr.sbin/smtpd/ssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.c,v 1.69 2014/07/10 20:16:48 jsg Exp $ */ +/* $OpenBSD: ssl.c,v 1.70 2014/08/25 07:50:26 doug Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard @@ -146,7 +146,7 @@ ssl_password_cb(char *buf, int size, int rwflag, void *u) { size_t len; if (u == NULL) { - memset(buf, 0, size); + explicit_bzero(buf, size); return (0); } if ((len = strlcpy(buf, u, size)) >= (size_t)size) @@ -171,7 +171,7 @@ ssl_password_cb(char *buf, int size, int rwflag, void *u) ret = len; end: if (len) - memset(pass, 0, len); + explicit_bzero(pass, len); return ret; } -- 2.20.1