From c98457f0af8ca7370b397738ff2c441700d3a184 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Mon, 5 Jan 2004 00:23:58 +0000
Subject: Get rid of volatile variables that were a vain attempt to prevent the compiler from optimizing away memset() calls. Instead, add a new function, zero_bytes(), to clear buffers with sensitive contents. Taken from the sudo cvs repo, man.
---
usr.bin/sudo/auth/aix_auth.c | 4 ++--
usr.bin/sudo/auth/bsdauth.c | 4 ++--
usr.bin/sudo/auth/fwtk.c | 8 ++++----
usr.bin/sudo/auth/pam.c | 13 ++++++-------
usr.bin/sudo/auth/sudo_auth.c | 4 ++--
5 files changed, 16 insertions(+), 17 deletions(-)
(limited to 'usr.bin/sudo/auth')
diff --git a/usr.bin/sudo/auth/aix_auth.c b/usr.bin/sudo/auth/aix_auth.c
index 3b1ea687763..545591b2535 100644
--- a/usr.bin/sudo/auth/aix_auth.c
+++ b/usr.bin/sudo/auth/aix_auth.c
@@ -74,7 +74,7 @@ aixauth_verify(pw, prompt, auth) char *prompt; sudo_auth *auth; { - volatile char *pass; + char *pass; char *message; int reenter = 1; int rval = AUTH_FAILURE;
@@ -83,7 +83,7 @@ aixauth_verify(pw, prompt, auth) if (pass) { if (authenticate(pw->pw_name, (char *)pass, &reenter, &message) == 0) rval = AUTH_SUCCESS; - memset(pass, 0, strlen(pass)); + zero_bytes(pass, strlen(pass)); } return(rval); }
diff --git a/usr.bin/sudo/auth/bsdauth.c b/usr.bin/sudo/auth/bsdauth.c
index bce66d19797..a2c41867b2a 100644
--- a/usr.bin/sudo/auth/bsdauth.c
+++ b/usr.bin/sudo/auth/bsdauth.c
@@ -116,7 +116,7 @@ bsdauth_verify(pw, prompt, auth) char *prompt; sudo_auth *auth; { - volatile char *pass; + char *pass; char *s; size_t len; int authok = 0;
@@ -165,7 +165,7 @@ bsdauth_verify(pw, prompt, auth) if (pass) { authok = auth_userresponse(as, (char *)pass, 1); - memset(pass, 0, strlen(pass)); + zero_bytes(pass, strlen(pass)); } /* restore old signal handler */
diff --git a/usr.bin/sudo/auth/fwtk.c b/usr.bin/sudo/auth/fwtk.c
index 29322dbb752..1800842340a 100644
--- a/usr.bin/sudo/auth/fwtk.c
+++ b/usr.bin/sudo/auth/fwtk.c
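Review bot: The `(char *)pass` casts left in aixauth_verify (`authenticate(pw->pw_name, (char *)pass, &reenter, &message)`) and in bsdauth_verify (`auth_userresponse(as, (char *)pass, 1)`) look like they were only there to strip the `volatile` qualifier, and with `pass` now a plain `char *` they do nothing. I would drop them, i.e. `if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)` and `authok = auth_userresponse(as, pass, 1);`, so the compiler can flag a genuine type mismatch on the password argument again. The definition of `zero_bytes()` is not part of this view (the patch is limited to usr.bin/sudo/auth), so whether it actually survives dead-store elimination has to be checked where it is defined. Both function bodies extend beyond the hunks shown.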
@@ -114,8 +114,8 @@ fwtk_verify(pw, prompt, auth) char *prompt; sudo_auth *auth; { - volatile char *pass; /* Password from the user */ - volatile char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */ + char *pass; /* Password from the user */ + char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */ char resp[128]; /* Response from the server */ int error; extern int nil_pw;
@@ -166,8 +166,8 @@ fwtk_verify(pw, prompt, auth) warnx("%s", resp); error = AUTH_FAILURE; done: - memset(pass, 0, strlen(pass)); - memset(buf, 0, strlen(buf)); + zero_bytes(pass, strlen(pass)); + zero_bytes(buf, strlen(buf)); return(error); }
diff --git a/usr.bin/sudo/auth/pam.c b/usr.bin/sudo/auth/pam.c
index b198a32e33d..5f8a0638280 100644
--- a/usr.bin/sudo/auth/pam.c
+++ b/usr.bin/sudo/auth/pam.c
@@ -205,16 +205,16 @@ sudo_conv(num_msg, msg, response, appdata_ptr) struct pam_response **response; VOID *appdata_ptr; { - volatile struct pam_response *pr; + struct pam_response *pr; PAM_CONST struct pam_message *pm; const char *p = def_prompt; - volatile char *pass; + char *pass; int n, flags; extern int nil_pw; if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL) return(PAM_CONV_ERR); - (void) memset(*response, 0, num_msg * sizeof(struct pam_response)); + zero_bytes(*response, num_msg * sizeof(struct pam_response)); for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) { flags = tgetpass_flags;
@@ -232,7 +232,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr) if (*pr->resp == '\0') nil_pw = 1; /* empty password */ else - memset(pass, 0, strlen(pass)); + zero_bytes(pass, strlen(pass)); break; case PAM_TEXT_INFO: if (pm->msg)
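Review bot: At the `done:` label in fwtk_verify, `zero_bytes(buf, strlen(buf))` clears only up to the first NUL, so any bytes still in `buf` beyond the current string's terminator from an earlier, longer use are not scrubbed. `buf` is declared as a fixed array (`char buf[SUDO_PASS_MAX + 12]`) in the hunk at line 114, so the whole object can be wiped regardless of its contents: `zero_bytes(buf, sizeof(buf));`. The code between the two fwtk hunks is not visible here, so how `buf` is filled and whether `pass` is always non-NULL when `done:` is reached should be confirmed against the full function.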
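Review bot: In sudo_conv, the `zero_bytes(*response, num_msg * sizeof(struct pam_response))` directly after the `malloc` initializes fresh memory rather than wiping a secret, which blurs the meaning of zero_bytes call sites as "sensitive data is cleared here". Allocating zeroed memory in one step would be clearer: `if ((*response = calloc(num_msg, sizeof(struct pam_response))) == NULL)`, with the following zero_bytes line removed. calloc also fails on a count whose product with the element size overflows, whereas the current `num_msg * sizeof(...)` is computed without any range check on `num_msg`. The declaration of `num_msg` lies above the hunk, so its type is assumed from the PAM conversation signature.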
@@ -248,13 +248,12 @@ sudo_conv(num_msg, msg, response, appdata_ptr) /* Zero and free allocated memory and return an error. */ for (pr = *response, n = num_msg; n--; pr++) { if (pr->resp != NULL) { - (void) memset(pr->resp, 0, strlen(pr->resp)); + zero_bytes(pr->resp, strlen(pr->resp)); free(pr->resp); pr->resp = NULL; } } - (void) memset(*response, 0, - num_msg * sizeof(struct pam_response)); + zero_bytes(*response, num_msg * sizeof(struct pam_response)); free(*response); *response = NULL; return(PAM_CONV_ERR);
diff --git a/usr.bin/sudo/auth/sudo_auth.c b/usr.bin/sudo/auth/sudo_auth.c
index 33f13d50550..c7b296ac450 100644
--- a/usr.bin/sudo/auth/sudo_auth.c
+++ b/usr.bin/sudo/auth/sudo_auth.c
@@ -117,7 +117,7 @@ verify_user(pw, prompt) int success = AUTH_FAILURE; int status; int flags; - volatile char *p; + char *p; sudo_auth *auth; sigaction_t sa, osa;
@@ -202,7 +202,7 @@ verify_user(pw, prompt) } #ifndef AUTH_STANDALONE if (p) - (void) memset(p, 0, strlen(p)); + zero_bytes(p, strlen(p)); #endif /* Exit loop on nil password, but give it a chance to match first. */
-- cgit v1.2.3