
From 3d651a6e234bed4c4d4865a56c5fa47dab89a5a6 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 26 Mar 2018 11:12:39 -0400
Subject: [PATCH] Implement k5_buf_init_dynamic_zap
Add a variant of dynamic k5buf objects which zeroes memory when
reallocating or freeing the buffer.
(cherry picked from commit 8ee8246c14702dc03b02e31b9fb5b7c2bb674bfb)
---
 src/include/k5-buf.h                          |  6 ++-
 src/util/support/k5buf.c                      | 41 +++++++++++++++----
 src/util/support/libkrb5support-fixed.exports |  1 +
 3 files changed, 39 insertions(+), 9 deletions(-)
diff --git a/src/include/k5-buf.h b/src/include/k5-buf.h
index 1223916a6..48e2a7d53 100644
--- a/src/include/k5-buf.h
+++ b/src/include/k5-buf.h
@@ -45,7 +45,7 @@
  */
 
 /* Buffer type values */
-enum k5buftype { K5BUF_ERROR, K5BUF_FIXED, K5BUF_DYNAMIC };
+enum k5buftype { K5BUF_ERROR, K5BUF_FIXED, K5BUF_DYNAMIC, K5BUF_DYNAMIC_ZAP };
 
 struct k5buf {
     enum k5buftype buftype;
@@ -63,6 +63,10 @@ void k5_buf_init_fixed(struct k5buf *buf, char *data, size_t space);
 /* Initialize a k5buf using an internally allocated dynamic buffer. */
 void k5_buf_init_dynamic(struct k5buf *buf);
 
+/* Initialize a k5buf using an internally allocated dynamic buffer, zeroing
+ * memory when reallocating or freeing. */
+void k5_buf_init_dynamic_zap(struct k5buf *buf);
+
 /* Add a C string to BUF. */
 void k5_buf_add(struct k5buf *buf, const char *data);
 
diff --git a/src/util/support/k5buf.c b/src/util/support/k5buf.c
index 35978f238..b2b5e5b67 100644
--- a/src/util/support/k5buf.c
+++ b/src/util/support/k5buf.c
@@ -37,7 +37,7 @@
 /*
  * Structure invariants:
  *
- * buftype is K5BUF_FIXED, K5BUF_DYNAMIC, or K5BUF_ERROR
+ * buftype is K5BUF_FIXED, K5BUF_DYNAMIC, K5BUF_DYNAMIC_ZAP, or K5BUF_ERROR
  * if buftype is K5BUF_ERROR, the other fields are NULL or 0
  * if buftype is not K5BUF_ERROR:
  *   space > 0
@@ -77,22 +77,35 @@ ensure_space(struct k5buf *buf, size_t len)
         return 1;
     if (buf->buftype == K5BUF_FIXED) /* Can't resize a fixed buffer. */
         goto error_exit;
-    assert(buf->buftype == K5BUF_DYNAMIC);
+    assert(buf->buftype == K5BUF_DYNAMIC || buf->buftype == K5BUF_DYNAMIC_ZAP);
     new_space = buf->space * 2;
     while (new_space - buf->len - 1 < len) {
         if (new_space > SIZE_MAX / 2)
             goto error_exit;
         new_space *= 2;
     }
-    new_data = realloc(buf->data, new_space);
-    if (new_data == NULL)
-        goto error_exit;
+    if (buf->buftype == K5BUF_DYNAMIC_ZAP) {
+        /* realloc() could leave behind a partial copy of sensitive data. */
+        new_data = malloc(new_space);
+        if (new_data == NULL)
+            goto error_exit;
+        memcpy(new_data, buf->data, buf->len);
+        new_data[buf->len] = '\0';
+        zap(buf->data, buf->len);
+        free(buf->data);
+    } else {
+        new_data = realloc(buf->data, new_space);
+        if (new_data == NULL)
+            goto error_exit;
+    }
     buf->data = new_data;
     buf->space = new_space;
     return 1;
 
 error_exit:
-    if (buf->buftype == K5BUF_DYNAMIC)
+    if (buf->buftype == K5BUF_DYNAMIC_ZAP)
+        zap(buf->data, buf->len);
+    if (buf->buftype == K5BUF_DYNAMIC_ZAP || buf->buftype == K5BUF_DYNAMIC)
         free(buf->data);
     set_error(buf);
     return 0;
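Review bot: The two zap() calls added in ensure_space (the K5BUF_DYNAMIC_ZAP branch and error_exit) zero only buf->len bytes, but the block being freed is the whole allocation, which for a grown buffer is buf->space bytes (`malloc(new_space)` followed by `buf->space = new_space` in this hunk). Later in this patch, k5_buf_add_vfmt's optimistic `vsnprintf(endptr(buf), remaining, fmt, apcopy)` writes into the bytes past len before ensure_space is called to grow the buffer, so a truncated rendering of possibly sensitive data can sit in [len, space) of the old buffer and be freed without being zeroed. Assuming space tracks the allocation size for the initial dynamic allocation as it does here, zeroing the full allocation closes that gap at negligible cost: `zap(buf->data, buf->space);` at both sites in this hunk, and the same change in the k5_buf_free hunk. ensure_space's opening lines are above this hunk.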
@@ -123,6 +136,14 @@ k5_buf_init_dynamic(struct k5buf *buf)
     *endptr(buf) = '\0';
 }
 
+void
+k5_buf_init_dynamic_zap(struct k5buf *buf)
+{
+    k5_buf_init_dynamic(buf);
+    if (buf->buftype == K5BUF_DYNAMIC)
+        buf->buftype = K5BUF_DYNAMIC_ZAP;
+}
+
 void
 k5_buf_add(struct k5buf *buf, const char *data)
 {
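Review bot: k5_buf_init_dynamic_zap carries no comment explaining why the buftype check is a conditional rather than an assert, and the header comment describes only the contract. Presumably k5_buf_init_dynamic leaves the object as K5BUF_ERROR when its allocation fails (its body is above this hunk) and that state must not be promoted to K5BUF_DYNAMIC_ZAP. A one-line comment above the if, such as `/* k5_buf_init_dynamic() leaves buf as K5BUF_ERROR on failure; keep it that way. */`, would make the intent explicit for the next reader.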
@@ -163,7 +184,7 @@ k5_buf_add_vfmt(struct k5buf *buf, const char *fmt, va_list ap)
     }
 
     /* Optimistically format the data directly into the dynamic buffer. */
-    assert(buf->buftype == K5BUF_DYNAMIC);
+    assert(buf->buftype == K5BUF_DYNAMIC || buf->buftype == K5BUF_DYNAMIC_ZAP);
     va_copy(apcopy, ap);
     r = vsnprintf(endptr(buf), remaining, fmt, apcopy);
     va_end(apcopy);
@@ -197,6 +218,8 @@ k5_buf_add_vfmt(struct k5buf *buf, const char *fmt, va_list ap)
         memcpy(endptr(buf), tmp, r + 1);
         buf->len += r;
     }
+    if (buf->buftype == K5BUF_DYNAMIC_ZAP)
+        zap(tmp, strlen(tmp));
     free(tmp);
 }
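Review bot: `zap(tmp, strlen(tmp))` zeroes only up to the first NUL in tmp, while the memcpy just above (`memcpy(endptr(buf), tmp, r + 1)`) already treats r as tmp's formatted length; a `%c` conversion with a zero argument can place a NUL inside the formatted output, which would leave the rest of tmp unzeroed. Assuming r is the length returned by the formatting call above the hunk, `zap(tmp, r);` zeroes exactly the formatted bytes and avoids the rescan. k5_buf_add_vfmt begins outside this hunk.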
 
@@ -241,7 +264,9 @@ k5_buf_free(struct k5buf *buf)
 {
     if (buf->buftype == K5BUF_ERROR)
         return;
-    assert(buf->buftype == K5BUF_DYNAMIC);
+    assert(buf->buftype == K5BUF_DYNAMIC || buf->buftype == K5BUF_DYNAMIC_ZAP);
+    if (buf->buftype == K5BUF_DYNAMIC_ZAP)
+        zap(buf->data, buf->len);
     free(buf->data);
     set_error(buf);
 }
diff --git a/src/util/support/libkrb5support-fixed.exports b/src/util/support/libkrb5support-fixed.exports
index cb9bf0826..a5e2ade04 100644
--- a/src/util/support/libkrb5support-fixed.exports
+++ b/src/util/support/libkrb5support-fixed.exports
@@ -3,6 +3,7 @@ k5_base64_encode
 k5_bcmp
 k5_buf_init_fixed
 k5_buf_init_dynamic
+k5_buf_init_dynamic_zap
 k5_buf_add
 k5_buf_add_len
 k5_buf_add_fmt