From f00211be2215c47e0b35fca6de4d2cdcdf1596d3 Mon Sep 17 00:00:00 2001 From: reyk Date: Tue, 11 Apr 2017 09:57:19 +0000 Subject: [PATCH] Use freezero(3) for the imsg framework in imsg_free(3) and ibuf_free(3). In our privsep model, imsg is often used to transport sensitive information between processes. But a process might free an imsg, and reuse the memory for a different thing. iked uses some explicit_bzero() to clean imsg-buffer but doing it in the library with the freezero() is less error-prone and also benefits other daemons. OK deraadt@ jsing@ claudio@ --- lib/libutil/imsg-buffer.c | 4 ++-- lib/libutil/imsg.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/libutil/imsg-buffer.c b/lib/libutil/imsg-buffer.c index f12d4ef58c4..821cb95614e 100644 --- a/lib/libutil/imsg-buffer.c +++ b/lib/libutil/imsg-buffer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: imsg-buffer.c,v 1.9 2017/03/17 14:51:26 deraadt Exp $ */ +/* $OpenBSD: imsg-buffer.c,v 1.10 2017/04/11 09:57:19 reyk Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -182,7 +182,7 @@ ibuf_free(struct ibuf *buf) { if (buf == NULL) return; - free(buf->buf); + freezero(buf->buf, buf->size); free(buf); } diff --git a/lib/libutil/imsg.c b/lib/libutil/imsg.c index ab9ef851ce2..89d16ae8fc9 100644 --- a/lib/libutil/imsg.c +++ b/lib/libutil/imsg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: imsg.c,v 1.14 2017/03/24 09:34:12 nicm Exp $ */ +/* $OpenBSD: imsg.c,v 1.15 2017/04/11 09:57:19 reyk Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -263,7 +263,7 @@ imsg_close(struct imsgbuf *ibuf, struct ibuf *msg) void imsg_free(struct imsg *imsg) { - free(imsg->data); + freezero(imsg->data, imsg->hdr.len - IMSG_HEADER_SIZE); } int -- 2.20.1