src - OpenBSD base system

diff options


context:
space:
mode:

author	Doug Hogan <doug@cvs.openbsd.org>	2014-08-25 07:50:27 +0000
committer	Doug Hogan <doug@cvs.openbsd.org>	2014-08-25 07:50:27 +0000
commit	3ce4bc0c280ae5c7531019bcad5a537825322a3c (patch)
tree	a710ec3b6dfae01df1435cb8cf460b5545d9edd9
parent	f18e11632908ef2c093163862bc584b52fe13a54 (diff)

Delete secret or secret-derived data with explicit_bzero.

concept ok deraadt@ diff looks ok tedu@

Diffstat

-rw-r--r--

bin/systrace/systrace.c

-rw-r--r--

lib/libc/gen/auth_subr.c

-rw-r--r--

lib/libutil/check_expire.c

-rw-r--r--

libexec/ftpd/ftpd.c

-rw-r--r--

libexec/ftpd/monitor.c

-rw-r--r--

sbin/iked/ikev2_msg.c

-rw-r--r--

usr.bin/gzsig/sign.c

-rw-r--r--

usr.bin/gzsig/ssh.c

-rw-r--r--

usr.sbin/cron/entry.c

-rw-r--r--

usr.sbin/ikectl/ikeca.c

-rw-r--r--

usr.sbin/ldapd/ldapd.c

-rw-r--r--

usr.sbin/pwd_mkdb/pwd_mkdb.c

-rw-r--r--

usr.sbin/smtpd/smtpd.c

-rw-r--r--

usr.sbin/smtpd/ssl.c

14 files changed, 40 insertions, 40 deletions

diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c
index 86fac087890..7a57f77c7cf 100644
--- a/bin/systrace/systrace.c
+++ b/bin/systrace/systrace.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: systrace.c,v 1.59 2014/08/09 22:44:15 guenther Exp $ */

+/* $OpenBSD: systrace.c,v 1.60 2014/08/25 07:50:25 doug Exp $ */

@@ -576,7 +576,7 @@ get_uid_gid(const char *argument, uid_t *uid, gid_t *gid)

u = strsep(&g, ":");

if ((pw = getpwnam(u)) != NULL) {

- memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));

+ explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd));

*uid = pw->pw_uid;

*gid = pw->pw_gid;

/* Ok if group not specified. */

diff --git a/lib/libc/gen/auth_subr.c b/lib/libc/gen/auth_subr.c
index 398233d3f0a..cfa857c6b3d 100644
--- a/lib/libc/gen/auth_subr.c
+++ b/lib/libc/gen/auth_subr.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: auth_subr.c,v 1.40 2014/05/25 17:47:04 tedu Exp $ */

+/* $OpenBSD: auth_subr.c,v 1.41 2014/08/25 07:50:25 doug Exp $ */

@@ -202,7 +202,7 @@ auth_clean(auth_session_t *as)

while ((data = as->data) != NULL) {

if (as->data->len)

- memset(as->data->ptr, 0, as->data->len);

+ explicit_bzero(as->data->ptr, as->data->len);

as->data = data->next;

free(data);

}

@@ -210,7 +210,7 @@ auth_clean(auth_session_t *as)

auth_setitem(as, AUTHV_ALL, NULL);

if (as->pwd != NULL) {

- memset(as->pwd->pw_passwd, 0, strlen(as->pwd->pw_passwd));

+ explicit_bzero(as->pwd->pw_passwd, strlen(as->pwd->pw_passwd));

free(as->pwd);

as->pwd = NULL;

}

@@ -268,13 +268,13 @@ auth_close(auth_session_t *as)

while ((data = as->data) != NULL) {

if (as->data->len)

- memset(as->data->ptr, 0, as->data->len);

+ explicit_bzero(as->data->ptr, as->data->len);

as->data = data->next;

free(data);

}

if (as->pwd != NULL) {

- memset(as->pwd->pw_passwd, 0, strlen(as->pwd->pw_passwd));

+ explicit_bzero(as->pwd->pw_passwd, strlen(as->pwd->pw_passwd));

free(as->pwd);

as->pwd = NULL;

}

@@ -644,7 +644,7 @@ auth_setpwd(auth_session_t *as, struct passwd *pwd)

if ((pwd = pw_dup(pwd)) == NULL)

return (-1); /* true failure */

if (as->pwd) {

- memset(as->pwd->pw_passwd, 0, strlen(as->pwd->pw_passwd));

+ explicit_bzero(as->pwd->pw_passwd, strlen(as->pwd->pw_passwd));

free(as->pwd);

}

as->pwd = pwd;

@@ -828,11 +828,11 @@ auth_call(auth_session_t *as, char *path, ...)

if (argc >= Nargc - 1 && _auth_next_arg(as)) {

if (memcmp(&nilap, &(as->ap0), sizeof(nilap)) != 0) {

va_end(as->ap0);

- memset(&(as->ap0), 0, sizeof(as->ap0));

+ explicit_bzero(&(as->ap0), sizeof(as->ap0));

}

if (memcmp(&nilap, &(as->ap), sizeof(nilap)) != 0) {

va_end(as->ap);

- memset(&(as->ap), 0, sizeof(as->ap));

+ explicit_bzero(&(as->ap), sizeof(as->ap));

}

syslog(LOG_ERR, "too many arguments");

goto fail;

@@ -883,7 +883,7 @@ auth_call(auth_session_t *as, char *path, ...)

as->data = data->next;

if (data->len > 0) {

write(pfd[0], data->ptr, data->len);

- memset(data->ptr, 0, data->len);

+ explicit_bzero(data->ptr, data->len);

}

free(data);

}

@@ -977,12 +977,12 @@ fail:

if (memcmp(&nilap, &(as->ap0), sizeof(nilap)) != 0) {

va_end(as->ap0);

- memset(&(as->ap0), 0, sizeof(as->ap0));

+ explicit_bzero(&(as->ap0), sizeof(as->ap0));

}

if (memcmp(&nilap, &(as->ap), sizeof(nilap)) != 0) {

va_end(as->ap);

- memset(&(as->ap), 0, sizeof(as->ap));

+ explicit_bzero(&(as->ap), sizeof(as->ap));

}

return (okay);

}

@@ -1088,13 +1088,13 @@ _auth_next_arg(auth_session_t *as)

if ((arg = va_arg(as->ap0, char *)) != NULL)

return (arg);

va_end(as->ap0);

- memset(&(as->ap0), 0, sizeof(as->ap0));

+ explicit_bzero(&(as->ap0), sizeof(as->ap0));

}

if (memcmp(&nilap, &(as->ap), sizeof(nilap)) != 0) {

if ((arg = va_arg(as->ap, char *)) != NULL)

return (arg);

va_end(as->ap);

- memset(&(as->ap), 0, sizeof(as->ap));

+ explicit_bzero(&(as->ap), sizeof(as->ap));

}

return (NULL);

}

diff --git a/lib/libutil/check_expire.c b/lib/libutil/check_expire.c
index 8e23a67fb74..cc141311dad 100644
--- a/lib/libutil/check_expire.c
+++ b/lib/libutil/check_expire.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: check_expire.c,v 1.9 2013/04/29 00:19:19 okan Exp $ */

+/* $OpenBSD: check_expire.c,v 1.10 2014/08/25 07:50:25 doug Exp $ */

@@ -129,7 +129,7 @@ login_check_expire(FILE *back, struct passwd *pwd, char *class, int lastchance)

npwd = pw_dup(pwd);

npwd->pw_change = 1;

p = pwd_update(npwd, pwd);

- memset(npwd->pw_passwd, 0,

+ explicit_bzero(npwd->pw_passwd,

strlen(npwd->pw_passwd));

free(npwd);

if (p != NULL) {

diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index c9ff691b4dd..98c34db3359 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ftpd.c,v 1.203 2014/03/24 16:41:27 tedu Exp $ */

+/* $OpenBSD: ftpd.c,v 1.204 2014/08/25 07:50:25 doug Exp $ */

/* $NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $ */

@@ -695,7 +695,7 @@ sgetpwnam(char *name, struct passwd *pw)

/* NOTREACHED */

}

if (old) {

- memset(old->pw_passwd, 0, strlen(old->pw_passwd));

+ explicit_bzero(old->pw_passwd, strlen(old->pw_passwd));

free(old);

}

return (save);

diff --git a/libexec/ftpd/monitor.c b/libexec/ftpd/monitor.c
index 9983dc010da..0f42cb7416d 100644
--- a/libexec/ftpd/monitor.c
+++ b/libexec/ftpd/monitor.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: monitor.c,v 1.20 2009/06/04 01:12:39 sthen Exp $ */

+/* $OpenBSD: monitor.c,v 1.21 2014/08/25 07:50:25 doug Exp $ */

@@ -292,7 +292,7 @@ handle_cmds(void)

preauth_slave_pid = slave_pid;

auth = pass(pw);

- bzero(pw, len);

+ explicit_bzero(pw, len);

free(pw);

switch (auth) {

diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c
index 2b2c51c5269..abd25c4462f 100644
--- a/sbin/iked/ikev2_msg.c
+++ b/sbin/iked/ikev2_msg.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ikev2_msg.c,v 1.35 2014/05/07 13:04:01 markus Exp $ */

+/* $OpenBSD: ikev2_msg.c,v 1.36 2014/08/25 07:50:25 doug Exp $ */

@@ -408,7 +408,7 @@ ikev2_msg_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf *src)

if ((ptr = ibuf_advance(dst, integrlen)) == NULL)

goto done;

- bzero(ptr, integrlen);

+ explicit_bzero(ptr, integrlen);

log_debug("%s: length %zu, padding %d, output length %zu",

__func__, len + sizeof(pad), pad, ibuf_size(dst));

diff --git a/usr.bin/gzsig/sign.c b/usr.bin/gzsig/sign.c
index 7795a85cb61..8bf7864e9cb 100644
--- a/usr.bin/gzsig/sign.c
+++ b/usr.bin/gzsig/sign.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: sign.c,v 1.13 2013/03/10 10:36:57 tobias Exp $ */

+/* $OpenBSD: sign.c,v 1.14 2014/08/25 07:50:26 doug Exp $ */

* sign.c

@@ -206,7 +206,7 @@ sign_passwd_cb(char *buf, int size, int rwflag, void *u)

p = getpass("Enter passphrase: ");

if (strlcpy(buf, p, size) >= size)

errx(1, "Passphrase too long");

- memset(p, 0, strlen(p));

+ explicit_bzero(p, strlen(p));

}

return (strlen(buf));

diff --git a/usr.bin/gzsig/ssh.c b/usr.bin/gzsig/ssh.c
index e7911411f92..b99cf89ce5b 100644
--- a/usr.bin/gzsig/ssh.c
+++ b/usr.bin/gzsig/ssh.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ssh.c,v 1.3 2014/04/16 05:16:39 miod Exp $ */

+/* $OpenBSD: ssh.c,v 1.4 2014/08/25 07:50:26 doug Exp $ */

* ssh.c

@@ -252,7 +252,7 @@ load_ssh1_private(RSA *rsa, struct iovec *iov)

MD5_Update(&md, (const u_char *)pass, strlen(pass));

MD5_Final(digest, &md);

- memset(pass, 0, strlen(pass));

+ explicit_bzero(pass, strlen(pass));

if ((dstate = des3_init(digest, sizeof(digest))) == NULL)

return (-1);

diff --git a/usr.sbin/cron/entry.c b/usr.sbin/cron/entry.c
index 8d391ed95fc..8d200ece024 100644
--- a/usr.sbin/cron/entry.c
+++ b/usr.sbin/cron/entry.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: entry.c,v 1.33 2011/05/19 15:00:17 phessler Exp $ */

+/* $OpenBSD: entry.c,v 1.34 2014/08/25 07:50:26 doug Exp $ */

@@ -271,7 +271,7 @@ load_entry(FILE *file, void (*error_func)(const char *), struct passwd *pw,

ecode = e_memory;

goto eof;

}

- bzero(e->pwd->pw_passwd, strlen(e->pwd->pw_passwd));

+ explicit_bzero(e->pwd->pw_passwd, strlen(e->pwd->pw_passwd));

/* copy and fix up environment. some variables are just defaults and

* others are overrides.

diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c
index c66fbb65cd4..cb19ba94ec3 100644
--- a/usr.sbin/ikectl/ikeca.c
+++ b/usr.sbin/ikectl/ikeca.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ikeca.c,v 1.27 2014/07/20 01:38:40 guenther Exp $ */

+/* $OpenBSD: ikeca.c,v 1.28 2014/08/25 07:50:26 doug Exp $ */

@@ -795,7 +795,7 @@ ca_revoke(struct ca *ca, char *keyname)

pass, ca->sslpath, ca->sslpath);

system(cmd);

- bzero(pass, len);

+ explicit_bzero(pass, len);

free(pass);

return (0);

diff --git a/usr.sbin/ldapd/ldapd.c b/usr.sbin/ldapd/ldapd.c
index 94c039f913f..4dfd3557fe5 100644
--- a/usr.sbin/ldapd/ldapd.c
+++ b/usr.sbin/ldapd/ldapd.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ldapd.c,v 1.10 2013/11/02 13:31:51 deraadt Exp $ */

+/* $OpenBSD: ldapd.c,v 1.11 2014/08/25 07:50:26 doug Exp $ */

@@ -298,7 +298,7 @@ ldapd_auth_classful(char *name, char *password)

auth_setitem(as, AUTHV_SERVICE, "response");

auth_setdata(as, "", 1);

auth_setdata(as, password, strlen(password) + 1);

- memset(password, 0, strlen(password));

+ explicit_bzero(password, strlen(password));

} else

as = NULL;

diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index ba75c34a06f..02ff7493a86 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pwd_mkdb.c,v 1.44 2014/05/20 01:25:24 guenther Exp $ */

+/* $OpenBSD: pwd_mkdb.c,v 1.45 2014/08/25 07:50:26 doug Exp $ */

/*-

@@ -591,7 +591,7 @@ db_store(FILE *fp, FILE *oldfp, DB *edp, DB *dp, struct passwd *pw,

/* Star out password to make insecure record. */

p = buf + strlen(pw->pw_name) + 1; /* skip pw_name */

len = strlen(pw->pw_passwd);

- memset(p, 0, len); /* zero pw_passwd */

+ explicit_bzero(p, len); /* zero pw_passwd */

t = p + len + 1; /* skip pw_passwd */

if (len != 0)

*p++ = '*';

diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c
index 1fbb9117031..5b118d32c46 100644
--- a/usr.sbin/smtpd/smtpd.c
+++ b/usr.sbin/smtpd/smtpd.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: smtpd.c,v 1.234 2014/07/10 15:54:55 eric Exp $ */

+/* $OpenBSD: smtpd.c,v 1.235 2014/08/25 07:50:26 doug Exp $ */

@@ -589,7 +589,7 @@ main(int argc, char *argv[])

err(1, "getpass");

env->sc_queue_key = strdup(password);

- memset(password, 0, strlen(password));

+ explicit_bzero(password, strlen(password));

if (env->sc_queue_key == NULL)

err(1, "strdup");

}

diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c
index 270787a7039..ab2de87946c 100644
--- a/usr.sbin/smtpd/ssl.c
+++ b/usr.sbin/smtpd/ssl.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ssl.c,v 1.69 2014/07/10 20:16:48 jsg Exp $ */

+/* $OpenBSD: ssl.c,v 1.70 2014/08/25 07:50:26 doug Exp $ */

@@ -146,7 +146,7 @@ ssl_password_cb(char *buf, int size, int rwflag, void *u)

{

size_t len;

if (u == NULL) {

- memset(buf, 0, size);

+ explicit_bzero(buf, size);

return (0);

}

if ((len = strlcpy(buf, u, size)) >= (size_t)size)

@@ -171,7 +171,7 @@ ssl_password_cb(char *buf, int size, int rwflag, void *u)

ret = len;

end:

if (len)

- memset(pass, 0, len);

+ explicit_bzero(pass, len);

return ret;

}