src - OpenBSD base system

diff options


context:
space:
mode:

author	Todd C. Miller <millert@cvs.openbsd.org>	2004-01-05 00:23:58 +0000
committer	Todd C. Miller <millert@cvs.openbsd.org>	2004-01-05 00:23:58 +0000
commit	c98457f0af8ca7370b397738ff2c441700d3a184 (patch)
tree	68a8a649be346fa22a4828992ab734e08307eddc /usr.bin/sudo/auth
parent	e31e0d84fac35639126f2aa7df285e983db53914 (diff)

Get rid of volatile variables that were a vain attempt to prevent the

compiler from optimizing away memset() calls. Instead, add a new function, zero_bytes(), to clear buffers with sensitive contents. Taken from the sudo cvs repo, man.

Diffstat (limited to 'usr.bin/sudo/auth')

-rw-r--r--

usr.bin/sudo/auth/aix_auth.c

-rw-r--r--

usr.bin/sudo/auth/bsdauth.c

-rw-r--r--

usr.bin/sudo/auth/fwtk.c

-rw-r--r--

usr.bin/sudo/auth/pam.c

-rw-r--r--

usr.bin/sudo/auth/sudo_auth.c

5 files changed, 16 insertions, 17 deletions

diff --git a/usr.bin/sudo/auth/aix_auth.c b/usr.bin/sudo/auth/aix_auth.c
index 3b1ea687763..545591b2535 100644
--- a/usr.bin/sudo/auth/aix_auth.c
+++ b/usr.bin/sudo/auth/aix_auth.c

@@ -74,7 +74,7 @@ aixauth_verify(pw, prompt, auth)

char *prompt;

sudo_auth *auth;

{

- volatile char *pass;

+ char *pass;

char *message;

int reenter = 1;

int rval = AUTH_FAILURE;

@@ -83,7 +83,7 @@ aixauth_verify(pw, prompt, auth)

if (pass) {

if (authenticate(pw->pw_name, (char *)pass, &reenter, &message) == 0)

rval = AUTH_SUCCESS;

- memset(pass, 0, strlen(pass));

+ zero_bytes(pass, strlen(pass));

}

return(rval);

}

diff --git a/usr.bin/sudo/auth/bsdauth.c b/usr.bin/sudo/auth/bsdauth.c
index bce66d19797..a2c41867b2a 100644
--- a/usr.bin/sudo/auth/bsdauth.c
+++ b/usr.bin/sudo/auth/bsdauth.c

@@ -116,7 +116,7 @@ bsdauth_verify(pw, prompt, auth)

char *prompt;

sudo_auth *auth;

{

- volatile char *pass;

+ char *pass;

char *s;

size_t len;

int authok = 0;

@@ -165,7 +165,7 @@ bsdauth_verify(pw, prompt, auth)

if (pass) {

authok = auth_userresponse(as, (char *)pass, 1);

- memset(pass, 0, strlen(pass));

+ zero_bytes(pass, strlen(pass));

}

/* restore old signal handler */

diff --git a/usr.bin/sudo/auth/fwtk.c b/usr.bin/sudo/auth/fwtk.c
index 29322dbb752..1800842340a 100644
--- a/usr.bin/sudo/auth/fwtk.c
+++ b/usr.bin/sudo/auth/fwtk.c

@@ -114,8 +114,8 @@ fwtk_verify(pw, prompt, auth)

char *prompt;

sudo_auth *auth;

{

- volatile char *pass; /* Password from the user */

- volatile char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */

+ char *pass; /* Password from the user */

+ char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */

char resp[128]; /* Response from the server */

int error;

extern int nil_pw;

@@ -166,8 +166,8 @@ fwtk_verify(pw, prompt, auth)

warnx("%s", resp);

error = AUTH_FAILURE;

done:

- memset(pass, 0, strlen(pass));

- memset(buf, 0, strlen(buf));

+ zero_bytes(pass, strlen(pass));

+ zero_bytes(buf, strlen(buf));

return(error);

}

diff --git a/usr.bin/sudo/auth/pam.c b/usr.bin/sudo/auth/pam.c
index b198a32e33d..5f8a0638280 100644
--- a/usr.bin/sudo/auth/pam.c
+++ b/usr.bin/sudo/auth/pam.c

@@ -205,16 +205,16 @@ sudo_conv(num_msg, msg, response, appdata_ptr)

struct pam_response **response;

VOID *appdata_ptr;

{

- volatile struct pam_response *pr;

+ struct pam_response *pr;

PAM_CONST struct pam_message *pm;

const char *p = def_prompt;

- volatile char *pass;

+ char *pass;

int n, flags;

extern int nil_pw;

if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)

return(PAM_CONV_ERR);

- (void) memset(*response, 0, num_msg * sizeof(struct pam_response));

+ zero_bytes(*response, num_msg * sizeof(struct pam_response));

for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) {

flags = tgetpass_flags;

@@ -232,7 +232,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr)

if (*pr->resp == '\0')

nil_pw = 1; /* empty password */

else

- memset(pass, 0, strlen(pass));

+ zero_bytes(pass, strlen(pass));

break;

case PAM_TEXT_INFO:

if (pm->msg)

@@ -248,13 +248,12 @@ sudo_conv(num_msg, msg, response, appdata_ptr)

/* Zero and free allocated memory and return an error. */

for (pr = *response, n = num_msg; n--; pr++) {

if (pr->resp != NULL) {

- (void) memset(pr->resp, 0, strlen(pr->resp));

+ zero_bytes(pr->resp, strlen(pr->resp));

free(pr->resp);

pr->resp = NULL;

}

- (void) memset(*response, 0,

- num_msg * sizeof(struct pam_response));

+ zero_bytes(*response, num_msg * sizeof(struct pam_response));

free(*response);

*response = NULL;

return(PAM_CONV_ERR);

diff --git a/usr.bin/sudo/auth/sudo_auth.c b/usr.bin/sudo/auth/sudo_auth.c
index 33f13d50550..c7b296ac450 100644
--- a/usr.bin/sudo/auth/sudo_auth.c
+++ b/usr.bin/sudo/auth/sudo_auth.c

@@ -117,7 +117,7 @@ verify_user(pw, prompt)

int success = AUTH_FAILURE;

int status;

int flags;

- volatile char *p;

+ char *p;

sudo_auth *auth;

sigaction_t sa, osa;

@@ -202,7 +202,7 @@ verify_user(pw, prompt)

}

#ifndef AUTH_STANDALONE

if (p)

- (void) memset(p, 0, strlen(p));

+ zero_bytes(p, strlen(p));

#endif

/* Exit loop on nil password, but give it a chance to match first. */