mirror of git://anongit.mindrot.org/openssh.git
upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@ OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
This commit is contained in:
parent
9e3220b585
commit
d5ba1c0327
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-options.c,v 1.90 2019/11/25 00:54:23 djm Exp $ */
|
||||
/* $OpenBSD: auth-options.c,v 1.91 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
|
@ -222,8 +222,7 @@ sshauthopt_free(struct sshauthopt *opts)
|
|||
free(opts->permitlisten[i]);
|
||||
free(opts->permitlisten);
|
||||
|
||||
explicit_bzero(opts, sizeof(*opts));
|
||||
free(opts);
|
||||
freezero(opts, sizeof(*opts));
|
||||
}
|
||||
|
||||
struct sshauthopt *
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-chall.c,v 1.52 2019/11/13 04:47:52 deraadt Exp $ */
|
||||
/* $OpenBSD: auth2-chall.c,v 1.53 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2001 Per Allansson. All rights reserved.
|
||||
|
@ -147,8 +147,7 @@ kbdint_free(KbdintAuthctxt *kbdintctxt)
|
|||
if (kbdintctxt->device)
|
||||
kbdint_reset_device(kbdintctxt);
|
||||
free(kbdintctxt->devices);
|
||||
explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
|
||||
free(kbdintctxt);
|
||||
freezero(kbdintctxt, sizeof(*kbdintctxt));
|
||||
}
|
||||
/* get next device */
|
||||
static int
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-passwd.c,v 1.17 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: auth2-passwd.c,v 1.18 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -66,8 +66,7 @@ userauth_passwd(struct ssh *ssh)
|
|||
logit("password change not supported");
|
||||
else if (PRIVSEP(auth_password(ssh, password)) == 1)
|
||||
authenticated = 1;
|
||||
explicit_bzero(password, len);
|
||||
free(password);
|
||||
freezero(password, len);
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
|
|
8
authfd.c
8
authfd.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: authfd.c,v 1.121 2019/12/21 02:19:13 djm Exp $ */
|
||||
/* $OpenBSD: authfd.c,v 1.122 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -561,10 +561,8 @@ ssh_remove_identity(int sock, struct sshkey *key)
|
|||
goto out;
|
||||
r = decode_reply(type);
|
||||
out:
|
||||
if (blob != NULL) {
|
||||
explicit_bzero(blob, blen);
|
||||
free(blob);
|
||||
}
|
||||
if (blob != NULL)
|
||||
freezero(blob, blen);
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
}
|
||||
|
|
11
channels.c
11
channels.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: channels.c,v 1.395 2020/01/25 06:40:20 djm Exp $ */
|
||||
/* $OpenBSD: channels.c,v 1.396 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -625,14 +625,12 @@ channel_free(struct ssh *ssh, Channel *c)
|
|||
if (cc->abandon_cb != NULL)
|
||||
cc->abandon_cb(ssh, c, cc->ctx);
|
||||
TAILQ_REMOVE(&c->status_confirms, cc, entry);
|
||||
explicit_bzero(cc, sizeof(*cc));
|
||||
free(cc);
|
||||
freezero(cc, sizeof(*cc));
|
||||
}
|
||||
if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
|
||||
c->filter_cleanup(ssh, c->self, c->filter_ctx);
|
||||
sc->channels[c->self] = NULL;
|
||||
explicit_bzero(c, sizeof(*c));
|
||||
free(c);
|
||||
freezero(c, sizeof(*c));
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -3295,8 +3293,7 @@ channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh)
|
|||
return 0;
|
||||
cc->cb(ssh, type, c, cc->ctx);
|
||||
TAILQ_REMOVE(&c->status_confirms, cc, entry);
|
||||
explicit_bzero(cc, sizeof(*cc));
|
||||
free(cc);
|
||||
freezero(cc, sizeof(*cc));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
8
cipher.c
8
cipher.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: cipher.c,v 1.114 2020/01/23 10:24:29 dtucker Exp $ */
|
||||
/* $OpenBSD: cipher.c,v 1.115 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -328,8 +328,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
|
|||
#ifdef WITH_OPENSSL
|
||||
EVP_CIPHER_CTX_free(cc->evp);
|
||||
#endif /* WITH_OPENSSL */
|
||||
explicit_bzero(cc, sizeof(*cc));
|
||||
free(cc);
|
||||
freezero(cc, sizeof(*cc));
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
|
@ -434,8 +433,7 @@ cipher_free(struct sshcipher_ctx *cc)
|
|||
EVP_CIPHER_CTX_free(cc->evp);
|
||||
cc->evp = NULL;
|
||||
#endif
|
||||
explicit_bzero(cc, sizeof(*cc));
|
||||
free(cc);
|
||||
freezero(cc, sizeof(*cc));
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: clientloop.c,v 1.341 2020/02/26 01:31:47 dtucker Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.342 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -473,8 +473,7 @@ client_global_request_reply(int type, u_int32_t seq, struct ssh *ssh)
|
|||
gc->cb(ssh, type, seq, gc->ctx);
|
||||
if (--gc->ref_count <= 0) {
|
||||
TAILQ_REMOVE(&global_confirms, gc, entry);
|
||||
explicit_bzero(gc, sizeof(*gc));
|
||||
free(gc);
|
||||
freezero(gc, sizeof(*gc));
|
||||
}
|
||||
|
||||
ssh_packet_set_alive_timeouts(ssh, 0);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: digest-libc.c,v 1.6 2017/05/08 22:57:38 djm Exp $ */
|
||||
/* $OpenBSD: digest-libc.c,v 1.7 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
|
||||
* Copyright (c) 2014 Markus Friedl. All rights reserved.
|
||||
|
@ -230,8 +230,7 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
|
|||
if (digest) {
|
||||
explicit_bzero(ctx->mdctx, digest->ctx_len);
|
||||
free(ctx->mdctx);
|
||||
explicit_bzero(ctx, sizeof(*ctx));
|
||||
free(ctx);
|
||||
freezero(ctx, sizeof(*ctx));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
5
hmac.c
5
hmac.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: hmac.c,v 1.13 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: hmac.c,v 1.14 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2014 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -131,8 +131,7 @@ ssh_hmac_free(struct ssh_hmac_ctx *ctx)
|
|||
explicit_bzero(ctx->buf, ctx->buf_len);
|
||||
free(ctx->buf);
|
||||
}
|
||||
explicit_bzero(ctx, sizeof(*ctx));
|
||||
free(ctx);
|
||||
freezero(ctx, sizeof(*ctx));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: hostfile.c,v 1.77 2020/01/25 00:21:08 djm Exp $ */
|
||||
/* $OpenBSD: hostfile.c,v 1.78 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -298,8 +298,7 @@ free_hostkeys(struct hostkeys *hostkeys)
|
|||
explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
|
||||
}
|
||||
free(hostkeys->entries);
|
||||
explicit_bzero(hostkeys, sizeof(*hostkeys));
|
||||
free(hostkeys);
|
||||
freezero(hostkeys, sizeof(*hostkeys));
|
||||
}
|
||||
|
||||
static int
|
||||
|
|
5
kex.c
5
kex.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kex.c,v 1.156 2020/01/23 10:24:29 dtucker Exp $ */
|
||||
/* $OpenBSD: kex.c,v 1.157 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -670,8 +670,7 @@ kex_free_newkeys(struct newkeys *newkeys)
|
|||
}
|
||||
free(newkeys->mac.name);
|
||||
explicit_bzero(&newkeys->mac, sizeof(newkeys->mac));
|
||||
explicit_bzero(newkeys, sizeof(*newkeys));
|
||||
free(newkeys);
|
||||
freezero(newkeys, sizeof(*newkeys));
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */
|
||||
/* $OpenBSD: monitor.c,v 1.209 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
|
@ -893,8 +893,7 @@ mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
/* Only authenticate if the context is valid */
|
||||
authenticated = options.password_authentication &&
|
||||
auth_password(ssh, passwd);
|
||||
explicit_bzero(passwd, plen);
|
||||
free(passwd);
|
||||
freezero(passwd, plen);
|
||||
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_put_u32(m, authenticated)) != 0)
|
||||
|
|
11
ssh-add.c
11
ssh-add.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-add.c,v 1.153 2020/02/18 08:58:33 dtucker Exp $ */
|
||||
/* $OpenBSD: ssh-add.c,v 1.154 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -105,8 +105,7 @@ static void
|
|||
clear_pass(void)
|
||||
{
|
||||
if (pass) {
|
||||
explicit_bzero(pass, strlen(pass));
|
||||
free(pass);
|
||||
freezero(pass, strlen(pass));
|
||||
pass = NULL;
|
||||
}
|
||||
}
|
||||
|
@ -521,8 +520,7 @@ lock_agent(int agent_fd, int lock)
|
|||
fprintf(stderr, "Passwords do not match.\n");
|
||||
passok = 0;
|
||||
}
|
||||
explicit_bzero(p2, strlen(p2));
|
||||
free(p2);
|
||||
freezero(p2, strlen(p2));
|
||||
}
|
||||
if (passok) {
|
||||
if ((r = ssh_lock_agent(agent_fd, lock, p1)) == 0) {
|
||||
|
@ -533,8 +531,7 @@ lock_agent(int agent_fd, int lock)
|
|||
lock ? "" : "un", ssh_err(r));
|
||||
}
|
||||
}
|
||||
explicit_bzero(p1, strlen(p1));
|
||||
free(p1);
|
||||
freezero(p1, strlen(p1));
|
||||
return (ret);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-agent.c,v 1.255 2020/02/06 22:30:54 naddy Exp $ */
|
||||
/* $OpenBSD: ssh-agent.c,v 1.256 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -620,8 +620,7 @@ process_lock_agent(SocketEntry *e, int lock)
|
|||
fatal("bcrypt_pbkdf");
|
||||
success = 1;
|
||||
}
|
||||
explicit_bzero(passwd, pwlen);
|
||||
free(passwd);
|
||||
freezero(passwd, pwlen);
|
||||
send_status(e, success);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-dss.c,v 1.37 2018/02/07 02:06:51 jsing Exp $ */
|
||||
/* $OpenBSD: ssh-dss.c,v 1.39 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -200,10 +200,8 @@ ssh_dss_verify(const struct sshkey *key,
|
|||
BN_clear_free(sig_s);
|
||||
sshbuf_free(b);
|
||||
free(ktype);
|
||||
if (sigblob != NULL) {
|
||||
explicit_bzero(sigblob, len);
|
||||
free(sigblob);
|
||||
}
|
||||
if (sigblob != NULL)
|
||||
freezero(sigblob, len);
|
||||
return ret;
|
||||
}
|
||||
#endif /* WITH_OPENSSL */
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-ed25519-sk.c,v 1.4 2019/11/26 03:04:27 djm Exp $ */
|
||||
/* $OpenBSD: ssh-ed25519-sk.c,v 1.5 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -154,10 +154,8 @@ ssh_ed25519_sk_verify(const struct sshkey *key,
|
|||
details = NULL;
|
||||
}
|
||||
out:
|
||||
if (m != NULL) {
|
||||
explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
|
||||
free(m);
|
||||
}
|
||||
if (m != NULL)
|
||||
freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
|
||||
sshkey_sig_details_free(details);
|
||||
sshbuf_free(b);
|
||||
sshbuf_free(encoded);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-ed25519.c,v 1.7 2016/04/21 06:08:02 djm Exp $ */
|
||||
/* $OpenBSD: ssh-ed25519.c,v 1.8 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
|
||||
*
|
||||
|
@ -83,10 +83,8 @@ ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
|
|||
r = 0;
|
||||
out:
|
||||
sshbuf_free(b);
|
||||
if (sig != NULL) {
|
||||
explicit_bzero(sig, slen);
|
||||
free(sig);
|
||||
}
|
||||
if (sig != NULL)
|
||||
freezero(sig, slen);
|
||||
|
||||
return r;
|
||||
}
|
||||
|
@ -153,14 +151,10 @@ ssh_ed25519_verify(const struct sshkey *key,
|
|||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
if (sm != NULL) {
|
||||
explicit_bzero(sm, smlen);
|
||||
free(sm);
|
||||
}
|
||||
if (m != NULL) {
|
||||
explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
|
||||
free(m);
|
||||
}
|
||||
if (sm != NULL)
|
||||
freezero(sm, smlen);
|
||||
if (m != NULL)
|
||||
freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
|
||||
sshbuf_free(b);
|
||||
free(ktype);
|
||||
return r;
|
||||
|
|
26
ssh-keygen.c
26
ssh-keygen.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-keygen.c,v 1.398 2020/02/07 03:27:54 djm Exp $ */
|
||||
/* $OpenBSD: ssh-keygen.c,v 1.399 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -327,8 +327,7 @@ load_identity(const char *filename, char **commentp)
|
|||
else
|
||||
pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
|
||||
r = sshkey_load_private(filename, pass, &prv, commentp);
|
||||
explicit_bzero(pass, strlen(pass));
|
||||
free(pass);
|
||||
freezero(pass, strlen(pass));
|
||||
if (r != 0)
|
||||
fatal("Load key \"%s\": %s", filename, ssh_err(r));
|
||||
return prv;
|
||||
|
@ -1424,8 +1423,7 @@ do_change_passphrase(struct passwd *pw)
|
|||
RP_ALLOW_STDIN);
|
||||
r = sshkey_load_private(identity_file, old_passphrase,
|
||||
&private, &comment);
|
||||
explicit_bzero(old_passphrase, strlen(old_passphrase));
|
||||
free(old_passphrase);
|
||||
freezero(old_passphrase, strlen(old_passphrase));
|
||||
if (r != 0)
|
||||
goto badkey;
|
||||
} else if (r != 0) {
|
||||
|
@ -1456,8 +1454,7 @@ do_change_passphrase(struct passwd *pw)
|
|||
exit(1);
|
||||
}
|
||||
/* Destroy the other copy. */
|
||||
explicit_bzero(passphrase2, strlen(passphrase2));
|
||||
free(passphrase2);
|
||||
freezero(passphrase2, strlen(passphrase2));
|
||||
}
|
||||
|
||||
/* Save the file using the new passphrase. */
|
||||
|
@ -1465,15 +1462,13 @@ do_change_passphrase(struct passwd *pw)
|
|||
comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
|
||||
error("Saving key \"%s\" failed: %s.",
|
||||
identity_file, ssh_err(r));
|
||||
explicit_bzero(passphrase1, strlen(passphrase1));
|
||||
free(passphrase1);
|
||||
freezero(passphrase1, strlen(passphrase1));
|
||||
sshkey_free(private);
|
||||
free(comment);
|
||||
exit(1);
|
||||
}
|
||||
/* Destroy the passphrase and the copy of the key in memory. */
|
||||
explicit_bzero(passphrase1, strlen(passphrase1));
|
||||
free(passphrase1);
|
||||
freezero(passphrase1, strlen(passphrase1));
|
||||
sshkey_free(private); /* Destroys contents */
|
||||
free(comment);
|
||||
|
||||
|
@ -1543,8 +1538,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
|
|||
/* Try to load using the passphrase. */
|
||||
if ((r = sshkey_load_private(identity_file, passphrase,
|
||||
&private, &comment)) != 0) {
|
||||
explicit_bzero(passphrase, strlen(passphrase));
|
||||
free(passphrase);
|
||||
freezero(passphrase, strlen(passphrase));
|
||||
fatal("Cannot load private key \"%s\": %s.",
|
||||
identity_file, ssh_err(r));
|
||||
}
|
||||
|
@ -1589,14 +1583,12 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
|
|||
rounds)) != 0) {
|
||||
error("Saving key \"%s\" failed: %s",
|
||||
identity_file, ssh_err(r));
|
||||
explicit_bzero(passphrase, strlen(passphrase));
|
||||
free(passphrase);
|
||||
freezero(passphrase, strlen(passphrase));
|
||||
sshkey_free(private);
|
||||
free(comment);
|
||||
exit(1);
|
||||
}
|
||||
explicit_bzero(passphrase, strlen(passphrase));
|
||||
free(passphrase);
|
||||
freezero(passphrase, strlen(passphrase));
|
||||
if ((r = sshkey_from_private(private, &public)) != 0)
|
||||
fatal("sshkey_from_private failed: %s", ssh_err(r));
|
||||
sshkey_free(private);
|
||||
|
|
20
ssh-xmss.c
20
ssh-xmss.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $*/
|
||||
/* $OpenBSD: ssh-xmss.c,v 1.2 2020/02/26 13:40:09 jsg Exp $*/
|
||||
/*
|
||||
* Copyright (c) 2017 Stefan-Lukas Gazdag.
|
||||
* Copyright (c) 2017 Markus Friedl.
|
||||
|
@ -103,10 +103,8 @@ ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
|
|||
r = ret;
|
||||
}
|
||||
sshbuf_free(b);
|
||||
if (sig != NULL) {
|
||||
explicit_bzero(sig, slen);
|
||||
free(sig);
|
||||
}
|
||||
if (sig != NULL)
|
||||
freezero(sig, slen);
|
||||
|
||||
return r;
|
||||
}
|
||||
|
@ -177,14 +175,10 @@ ssh_xmss_verify(const struct sshkey *key,
|
|||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
if (sm != NULL) {
|
||||
explicit_bzero(sm, smlen);
|
||||
free(sm);
|
||||
}
|
||||
if (m != NULL) {
|
||||
explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
|
||||
free(m);
|
||||
}
|
||||
if (sm != NULL)
|
||||
freezero(sm, smlen);
|
||||
if (m != NULL)
|
||||
freezero(m, smlen);
|
||||
sshbuf_free(b);
|
||||
free(ktype);
|
||||
return r;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshbuf-misc.c,v 1.13 2020/01/25 23:28:06 djm Exp $ */
|
||||
/* $OpenBSD: sshbuf-misc.c,v 1.14 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2011 Damien Miller
|
||||
*
|
||||
|
@ -156,17 +156,14 @@ sshbuf_b64tod(struct sshbuf *buf, const char *b64)
|
|||
if ((p = malloc(plen)) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((nlen = b64_pton(b64, p, plen)) < 0) {
|
||||
explicit_bzero(p, plen);
|
||||
free(p);
|
||||
freezero(p, plen);
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
}
|
||||
if ((r = sshbuf_put(buf, p, nlen)) < 0) {
|
||||
explicit_bzero(p, plen);
|
||||
free(p);
|
||||
freezero(p, plen);
|
||||
return r;
|
||||
}
|
||||
explicit_bzero(p, plen);
|
||||
free(p);
|
||||
freezero(p, plen);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
5
sshbuf.c
5
sshbuf.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshbuf.c,v 1.14 2020/01/23 07:10:22 dtucker Exp $ */
|
||||
/* $OpenBSD: sshbuf.c,v 1.15 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2011 Damien Miller
|
||||
*
|
||||
|
@ -164,8 +164,7 @@ sshbuf_free(struct sshbuf *buf)
|
|||
explicit_bzero(buf->d, buf->alloc);
|
||||
free(buf->d);
|
||||
}
|
||||
explicit_bzero(buf, sizeof(*buf));
|
||||
free(buf);
|
||||
freezero(buf, sizeof(*buf));
|
||||
}
|
||||
|
||||
void
|
||||
|
|
44
sshkey.c
44
sshkey.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshkey.c,v 1.99 2020/01/21 05:56:56 djm Exp $ */
|
||||
/* $OpenBSD: sshkey.c,v 1.100 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
|
||||
|
@ -1019,10 +1019,8 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg,
|
|||
r = 0;
|
||||
out:
|
||||
free(ret);
|
||||
if (blob != NULL) {
|
||||
explicit_bzero(blob, blob_len);
|
||||
free(blob);
|
||||
}
|
||||
if (blob != NULL)
|
||||
freezero(blob, blob_len);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -1280,12 +1278,10 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg,
|
|||
dgst_raw, dgst_raw_len, k);
|
||||
break;
|
||||
default:
|
||||
explicit_bzero(dgst_raw, dgst_raw_len);
|
||||
free(dgst_raw);
|
||||
freezero(dgst_raw, dgst_raw_len);
|
||||
return NULL;
|
||||
}
|
||||
explicit_bzero(dgst_raw, dgst_raw_len);
|
||||
free(dgst_raw);
|
||||
freezero(dgst_raw, dgst_raw_len);
|
||||
return retval;
|
||||
}
|
||||
|
||||
|
@ -4054,18 +4050,12 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob,
|
|||
sshbuf_free(encrypted);
|
||||
cipher_free(ciphercontext);
|
||||
explicit_bzero(salt, sizeof(salt));
|
||||
if (key != NULL) {
|
||||
explicit_bzero(key, keylen + ivlen);
|
||||
free(key);
|
||||
}
|
||||
if (pubkeyblob != NULL) {
|
||||
explicit_bzero(pubkeyblob, pubkeylen);
|
||||
free(pubkeyblob);
|
||||
}
|
||||
if (b64 != NULL) {
|
||||
explicit_bzero(b64, strlen(b64));
|
||||
free(b64);
|
||||
}
|
||||
if (key != NULL)
|
||||
freezero(key, keylen + ivlen);
|
||||
if (pubkeyblob != NULL)
|
||||
freezero(pubkeyblob, pubkeylen);
|
||||
if (b64 != NULL)
|
||||
freezero(b64, strlen(b64));
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -4273,14 +4263,10 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
|
|||
free(ciphername);
|
||||
free(kdfname);
|
||||
free(comment);
|
||||
if (salt != NULL) {
|
||||
explicit_bzero(salt, slen);
|
||||
free(salt);
|
||||
}
|
||||
if (key != NULL) {
|
||||
explicit_bzero(key, keylen + ivlen);
|
||||
free(key);
|
||||
}
|
||||
if (salt != NULL)
|
||||
freezero(salt, slen);
|
||||
if (key != NULL)
|
||||
freezero(key, keylen + ivlen);
|
||||
sshbuf_free(encoded);
|
||||
sshbuf_free(decoded);
|
||||
sshbuf_free(kdf);
|
||||
|
|
5
umac.c
5
umac.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: umac.c,v 1.18 2019/11/13 04:47:52 deraadt Exp $ */
|
||||
/* $OpenBSD: umac.c,v 1.19 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/* -----------------------------------------------------------------------
|
||||
*
|
||||
* umac.c -- C Implementation UMAC Message Authentication
|
||||
|
@ -1205,8 +1205,7 @@ int umac_delete(struct umac_ctx *ctx)
|
|||
if (ctx) {
|
||||
if (ALLOC_BOUNDARY)
|
||||
ctx = (struct umac_ctx *)ctx->free_ptr;
|
||||
explicit_bzero(ctx, sizeof(*ctx) + ALLOC_BOUNDARY);
|
||||
free(ctx);
|
||||
freezero(ctx, sizeof(*ctx) + ALLOC_BOUNDARY);
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue