author | jsg@openbsd.org <jsg@openbsd.org> | 2020-02-26 13:40:09 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-02-28 12:26:28 +1100 |
commit | d5ba1c03278eb079438bb038266d80d7477d49cb (patch) | |
tree | 6d8dd2d802af796bcb7c9d6d018196a448bb9ff6 | |
parent | 9e3220b585c5be19a7431ea4ff8884c137b3a81c (diff) |
upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL, the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.
ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
-rw-r--r-- | auth-options.c | 5 | ||||
-rw-r--r-- | auth2-chall.c | 5 | ||||
-rw-r--r-- | auth2-passwd.c | 5 | ||||
-rw-r--r-- | authfd.c | 8 | ||||
-rw-r--r-- | channels.c | 11 | ||||
-rw-r--r-- | cipher.c | 8 | ||||
-rw-r--r-- | clientloop.c | 5 | ||||
-rw-r--r-- | digest-libc.c | 5 | ||||
-rw-r--r-- | hmac.c | 5 | ||||
-rw-r--r-- | hostfile.c | 5 | ||||
-rw-r--r-- | kex.c | 5 | ||||
-rw-r--r-- | monitor.c | 5 | ||||
-rw-r--r-- | ssh-add.c | 11 | ||||
-rw-r--r-- | ssh-agent.c | 5 | ||||
-rw-r--r-- | ssh-dss.c | 8 | ||||
-rw-r--r-- | ssh-ed25519-sk.c | 8 | ||||
-rw-r--r-- | ssh-ed25519.c | 20 | ||||
-rw-r--r-- | ssh-keygen.c | 26 | ||||
-rw-r--r-- | ssh-xmss.c | 20 | ||||
-rw-r--r-- | sshbuf-misc.c | 11 | ||||
-rw-r--r-- | sshbuf.c | 5 | ||||
-rw-r--r-- | sshkey.c | 44 | ||||
-rw-r--r-- | umac.c | 5 |
23 files changed, 86 insertions, 149 deletions
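--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.90 2019/11/25 00:54:23 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.91 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
 *
@@ -222,8 +222,7 @@ sshauthopt_free(struct sshauthopt *opts)
 free(opts->permitlisten[i]);
 free(opts->permitlisten);
 
-explicit_bzero(opts, sizeof(*opts));
-free(opts);
+freezero(opts, sizeof(*opts));
 }
 
 struct sshauthopt *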
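--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.52 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.53 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -147,8 +147,7 @@ kbdint_free(KbdintAuthctxt *kbdintctxt)
 if (kbdintctxt->device)
 kbdint_reset_device(kbdintctxt);
 free(kbdintctxt->devices);
-explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
-free(kbdintctxt);
+freezero(kbdintctxt, sizeof(*kbdintctxt));
 }
 /* get next device */
 static int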
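--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.17 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.18 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -66,8 +66,7 @@ userauth_passwd(struct ssh *ssh)
 logit("password change not supported");
 else if (PRIVSEP(auth_password(ssh, password)) == 1)
 authenticated = 1;
-explicit_bzero(password, len);
-free(password);
+freezero(password, len);
 return authenticated;
 }
 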
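--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.121 2019/12/21 02:19:13 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.122 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -561,10 +561,8 @@ ssh_remove_identity(int sock, struct sshkey *key)
 goto out;
 r = decode_reply(type);
 out:
-if (blob != NULL) {
-explicit_bzero(blob, blen);
-free(blob);
-}
+if (blob != NULL)
+freezero(blob, blen);
 sshbuf_free(msg);
 return r;
 }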
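--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.395 2020/01/25 06:40:20 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.396 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -625,14 +625,12 @@ channel_free(struct ssh *ssh, Channel *c)
 if (cc->abandon_cb != NULL)
 cc->abandon_cb(ssh, c, cc->ctx);
 TAILQ_REMOVE(&c->status_confirms, cc, entry);
-explicit_bzero(cc, sizeof(*cc));
-free(cc);
+freezero(cc, sizeof(*cc));
 }
 if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
 c->filter_cleanup(ssh, c->self, c->filter_ctx);
 sc->channels[c->self] = NULL;
-explicit_bzero(c, sizeof(*c));
-free(c);
+freezero(c, sizeof(*c));
 }
 
 void
@@ -3295,8 +3293,7 @@ channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh)
 return 0;
 cc->cb(ssh, type, c, cc->ctx);
 TAILQ_REMOVE(&c->status_confirms, cc, entry);
-explicit_bzero(cc, sizeof(*cc));
-free(cc);
+freezero(cc, sizeof(*cc));
 return 0;
 }
 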
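--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.114 2020/01/23 10:24:29 dtucker Exp $ */
+/* $OpenBSD: cipher.c,v 1.115 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -328,8 +328,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
 #ifdef WITH_OPENSSL
 EVP_CIPHER_CTX_free(cc->evp);
 #endif /* WITH_OPENSSL */
-explicit_bzero(cc, sizeof(*cc));
-free(cc);
+freezero(cc, sizeof(*cc));
 }
 }
 return ret;
@@ -434,8 +433,7 @@ cipher_free(struct sshcipher_ctx *cc)
 EVP_CIPHER_CTX_free(cc->evp);
 cc->evp = NULL;
 #endif
-explicit_bzero(cc, sizeof(*cc));
-free(cc);
+freezero(cc, sizeof(*cc));
 }
 
 /*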
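--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.341 2020/02/26 01:31:47 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.342 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -473,8 +473,7 @@ client_global_request_reply(int type, u_int32_t seq, struct ssh *ssh)
 gc->cb(ssh, type, seq, gc->ctx);
 if (--gc->ref_count <= 0) {
 TAILQ_REMOVE(&global_confirms, gc, entry);
-explicit_bzero(gc, sizeof(*gc));
-free(gc);
+freezero(gc, sizeof(*gc));
 }
 
 ssh_packet_set_alive_timeouts(ssh, 0);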
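--- a/digest-libc.c
+++ b/digest-libc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-libc.c,v 1.6 2017/05/08 22:57:38 djm Exp $ */
+/* $OpenBSD: digest-libc.c,v 1.7 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
 * Copyright (c) 2014 Markus Friedl. All rights reserved.
@@ -230,8 +230,7 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
 if (digest) {
 explicit_bzero(ctx->mdctx, digest->ctx_len);
 free(ctx->mdctx);
-explicit_bzero(ctx, sizeof(*ctx));
-free(ctx);
+freezero(ctx, sizeof(*ctx));
 }
 }
 }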
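Review bot: In ssh_digest_free the inner buffer is still released with the two-step `explicit_bzero(ctx->mdctx, digest->ctx_len); free(ctx->mdctx);` directly above the converted call, so the function now mixes both idioms; `freezero(ctx->mdctx, digest->ctx_len);` would keep it consistent and, going by the commit message, would also return early on a NULL mdctx where explicit_bzero would not. The same leftover pair sits in the context lines of the hmac.c hunk (`ctx->buf`) and the sshbuf.c hunk (`buf->d`). Separately, the wipe-and-free of `ctx` stays inside `if (digest)`, so on the visible lines a context whose digest lookup fails is neither scrubbed nor freed; that predates this commit and may be unreachable. The function bodies start outside the hunks, so neither the possible NULL-ness of these pointers nor how `digest` is obtained is visible here.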
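--- a/hmac.c
+++ b/hmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.c,v 1.13 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: hmac.c,v 1.14 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2014 Markus Friedl. All rights reserved.
 *
@@ -131,8 +131,7 @@ ssh_hmac_free(struct ssh_hmac_ctx *ctx)
 explicit_bzero(ctx->buf, ctx->buf_len);
 free(ctx->buf);
 }
-explicit_bzero(ctx, sizeof(*ctx));
-free(ctx);
+freezero(ctx, sizeof(*ctx));
 }
 }
 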
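--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.77 2020/01/25 00:21:08 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.78 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -298,8 +298,7 @@ free_hostkeys(struct hostkeys *hostkeys)
 explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
 }
 free(hostkeys->entries);
-explicit_bzero(hostkeys, sizeof(*hostkeys));
-free(hostkeys);
+freezero(hostkeys, sizeof(*hostkeys));
 }
 
 static int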
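--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.156 2020/01/23 10:24:29 dtucker Exp $ */
+/* $OpenBSD: kex.c,v 1.157 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -670,8 +670,7 @@ kex_free_newkeys(struct newkeys *newkeys)
 }
 free(newkeys->mac.name);
 explicit_bzero(&newkeys->mac, sizeof(newkeys->mac));
-explicit_bzero(newkeys, sizeof(*newkeys));
-free(newkeys);
+freezero(newkeys, sizeof(*newkeys));
 }
 
 void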
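--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: monitor.c,v 1.209 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -893,8 +893,7 @@ mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
 /* Only authenticate if the context is valid */
 authenticated = options.password_authentication &&
 auth_password(ssh, passwd);
-explicit_bzero(passwd, plen);
-free(passwd);
+freezero(passwd, plen);
 
 sshbuf_reset(m);
 if ((r = sshbuf_put_u32(m, authenticated)) != 0)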
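--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.153 2020/02/18 08:58:33 dtucker Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.154 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -105,8 +105,7 @@ static void
 clear_pass(void)
 {
 if (pass) {
-explicit_bzero(pass, strlen(pass));
-free(pass);
+freezero(pass, strlen(pass));
 pass = NULL;
 }
 }
@@ -521,8 +520,7 @@ lock_agent(int agent_fd, int lock)
 fprintf(stderr, "Passwords do not match.\n");
 passok = 0;
 }
-explicit_bzero(p2, strlen(p2));
-free(p2);
+freezero(p2, strlen(p2));
 }
 if (passok) {
 if ((r = ssh_lock_agent(agent_fd, lock, p1)) == 0) {
@@ -533,8 +531,7 @@ lock_agent(int agent_fd, int lock)
 lock ? "" : "un", ssh_err(r));
 }
 }
-explicit_bzero(p1, strlen(p1));
-free(p1);
+freezero(p1, strlen(p1));
 return (ret);
 }
 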
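--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.255 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.256 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -620,8 +620,7 @@ process_lock_agent(SocketEntry *e, int lock)
 fatal("bcrypt_pbkdf");
 success = 1;
 }
-explicit_bzero(passwd, pwlen);
-free(passwd);
+freezero(passwd, pwlen);
 send_status(e, success);
 }
 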
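--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.37 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.39 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -200,10 +200,8 @@ ssh_dss_verify(const struct sshkey *key,
 BN_clear_free(sig_s);
 sshbuf_free(b);
 free(ktype);
-if (sigblob != NULL) {
-explicit_bzero(sigblob, len);
-free(sigblob);
-}
+if (sigblob != NULL)
+freezero(sigblob, len);
 return ret;
 }
 #endif /* WITH_OPENSSL */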
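--- a/ssh-ed25519-sk.c
+++ b/ssh-ed25519-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519-sk.c,v 1.4 2019/11/26 03:04:27 djm Exp $ */
+/* $OpenBSD: ssh-ed25519-sk.c,v 1.5 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2019 Markus Friedl. All rights reserved.
 *
@@ -154,10 +154,8 @@ ssh_ed25519_sk_verify(const struct sshkey *key,
 details = NULL;
 }
 out:
-if (m != NULL) {
-explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
-free(m);
-}
+if (m != NULL)
+freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
 sshkey_sig_details_free(details);
 sshbuf_free(b);
 sshbuf_free(encoded);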
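--- a/ssh-ed25519.c
+++ b/ssh-ed25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519.c,v 1.7 2016/04/21 06:08:02 djm Exp $ */
+/* $OpenBSD: ssh-ed25519.c,v 1.8 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
 *
@@ -83,10 +83,8 @@ ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 r = 0;
 out:
 sshbuf_free(b);
-if (sig != NULL) {
-explicit_bzero(sig, slen);
-free(sig);
-}
+if (sig != NULL)
+freezero(sig, slen);
 
 return r;
 }
@@ -153,14 +151,10 @@ ssh_ed25519_verify(const struct sshkey *key,
 /* success */
 r = 0;
 out:
-if (sm != NULL) {
-explicit_bzero(sm, smlen);
-free(sm);
-}
-if (m != NULL) {
-explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
-free(m);
-}
+if (sm != NULL)
+freezero(sm, smlen);
+if (m != NULL)
+freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
 sshbuf_free(b);
 free(ktype);
 return r;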
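--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.398 2020/02/07 03:27:54 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.399 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -327,8 +327,7 @@ load_identity(const char *filename, char **commentp)
 else
 pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
 r = sshkey_load_private(filename, pass, &prv, commentp);
-explicit_bzero(pass, strlen(pass));
-free(pass);
+freezero(pass, strlen(pass));
 if (r != 0)
 fatal("Load key \"%s\": %s", filename, ssh_err(r));
 return prv;
@@ -1424,8 +1423,7 @@ do_change_passphrase(struct passwd *pw)
 RP_ALLOW_STDIN);
 r = sshkey_load_private(identity_file, old_passphrase,
 &private, &comment);
-explicit_bzero(old_passphrase, strlen(old_passphrase));
-free(old_passphrase);
+freezero(old_passphrase, strlen(old_passphrase));
 if (r != 0)
 goto badkey;
 } else if (r != 0) {
@@ -1456,8 +1454,7 @@ do_change_passphrase(struct passwd *pw)
 exit(1);
 }
 /* Destroy the other copy. */
-explicit_bzero(passphrase2, strlen(passphrase2));
-free(passphrase2);
+freezero(passphrase2, strlen(passphrase2));
 }
 
 /* Save the file using the new passphrase. */
@@ -1465,15 +1462,13 @@ do_change_passphrase(struct passwd *pw)
 comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
 error("Saving key \"%s\" failed: %s.",
 identity_file, ssh_err(r));
-explicit_bzero(passphrase1, strlen(passphrase1));
-free(passphrase1);
+freezero(passphrase1, strlen(passphrase1));
 sshkey_free(private);
 free(comment);
 exit(1);
 }
 /* Destroy the passphrase and the copy of the key in memory. */
-explicit_bzero(passphrase1, strlen(passphrase1));
-free(passphrase1);
+freezero(passphrase1, strlen(passphrase1));
 sshkey_free(private); /* Destroys contents */
 free(comment);
 
@@ -1543,8 +1538,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
 /* Try to load using the passphrase. */
 if ((r = sshkey_load_private(identity_file, passphrase,
 &private, &comment)) != 0) {
-explicit_bzero(passphrase, strlen(passphrase));
-free(passphrase);
+freezero(passphrase, strlen(passphrase));
 fatal("Cannot load private key \"%s\": %s.",
 identity_file, ssh_err(r));
 }
@@ -1589,14 +1583,12 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
 rounds)) != 0) {
 error("Saving key \"%s\" failed: %s",
 identity_file, ssh_err(r));
-explicit_bzero(passphrase, strlen(passphrase));
-free(passphrase);
+freezero(passphrase, strlen(passphrase));
 sshkey_free(private);
 free(comment);
 exit(1);
 }
-explicit_bzero(passphrase, strlen(passphrase));
-free(passphrase);
+freezero(passphrase, strlen(passphrase));
 if ((r = sshkey_from_private(private, &public)) != 0)
 fatal("sshkey_from_private failed: %s", ssh_err(r));
 sshkey_free(private);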
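--- a/ssh-xmss.c
+++ b/ssh-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $*/
+/* $OpenBSD: ssh-xmss.c,v 1.2 2020/02/26 13:40:09 jsg Exp $*/
 /*
 * Copyright (c) 2017 Stefan-Lukas Gazdag.
 * Copyright (c) 2017 Markus Friedl.
@@ -103,10 +103,8 @@ ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 r = ret;
 }
 sshbuf_free(b);
-if (sig != NULL) {
-explicit_bzero(sig, slen);
-free(sig);
-}
+if (sig != NULL)
+freezero(sig, slen);
 
 return r;
 }
@@ -177,14 +175,10 @@ ssh_xmss_verify(const struct sshkey *key,
 /* success */
 r = 0;
 out:
-if (sm != NULL) {
-explicit_bzero(sm, smlen);
-free(sm);
-}
-if (m != NULL) {
-explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
-free(m);
-}
+if (sm != NULL)
+freezero(sm, smlen);
+if (m != NULL)
+freezero(m, smlen);
 sshbuf_free(b);
 free(ktype);
 return r;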
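Review bot: The new `freezero(m, smlen);` in ssh_xmss_verify lost the `/* NB mlen may be invalid if r != 0 */` comment that the removed `explicit_bzero(m, smlen)` line carried, while the matching lines in ssh-ed25519.c and ssh-ed25519-sk.c keep it. Without the comment, passing `smlen` for the `m` buffer reads like a typo, and a later "correction" to `mlen` could hand freezero() an unset length on the error path. I would restore it: `freezero(m, smlen); /* NB mlen may be invalid if r != 0 */`. The allocation of `m` is outside the hunk, so this assumes `m` is at least `smlen` bytes, as the original comment implies.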
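--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf-misc.c,v 1.13 2020/01/25 23:28:06 djm Exp $ */
+/* $OpenBSD: sshbuf-misc.c,v 1.14 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2011 Damien Miller
 *
@@ -156,17 +156,14 @@ sshbuf_b64tod(struct sshbuf *buf, const char *b64)
 if ((p = malloc(plen)) == NULL)
 return SSH_ERR_ALLOC_FAIL;
 if ((nlen = b64_pton(b64, p, plen)) < 0) {
-explicit_bzero(p, plen);
-free(p);
+freezero(p, plen);
 return SSH_ERR_INVALID_FORMAT;
 }
 if ((r = sshbuf_put(buf, p, nlen)) < 0) {
-explicit_bzero(p, plen);
-free(p);
+freezero(p, plen);
 return r;
 }
-explicit_bzero(p, plen);
-free(p);
+freezero(p, plen);
 return 0;
 }
 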
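Review bot: sshbuf_b64tod still repeats `freezero(p, plen);` on each of its three exits, so any early return added later between the malloc and the end has to remember to scrub the decode buffer. Folding the exits into one wipe-and-return keeps the scrubbing in a single place. The sketch below keeps the existing return values (a non-negative result from sshbuf_put still yields 0). The start of the function, including the declarations of `r`, `nlen` and `plen`, is outside the hunk.

```c
	if ((p = malloc(plen)) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if ((nlen = b64_pton(b64, p, plen)) < 0)
		r = SSH_ERR_INVALID_FORMAT;
	else if ((r = sshbuf_put(buf, p, nlen)) >= 0)
		r = 0;
	/* single exit: the decode buffer is always wiped before it is freed */
	freezero(p, plen);
	return r;
```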
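--- a/sshbuf.c
+++ b/sshbuf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf.c,v 1.14 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: sshbuf.c,v 1.15 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2011 Damien Miller
 *
@@ -164,8 +164,7 @@ sshbuf_free(struct sshbuf *buf)
 explicit_bzero(buf->d, buf->alloc);
 free(buf->d);
 }
-explicit_bzero(buf, sizeof(*buf));
-free(buf);
+freezero(buf, sizeof(*buf));
 }
 
 void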
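--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.99 2020/01/21 05:56:56 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.100 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -1019,10 +1019,8 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg,
 r = 0;
 out:
 free(ret);
-if (blob != NULL) {
-explicit_bzero(blob, blob_len);
-free(blob);
-}
+if (blob != NULL)
+freezero(blob, blob_len);
 return r;
 }
 
@@ -1280,12 +1278,10 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg,
 dgst_raw, dgst_raw_len, k);
 break;
 default:
-explicit_bzero(dgst_raw, dgst_raw_len);
-free(dgst_raw);
+freezero(dgst_raw, dgst_raw_len);
 return NULL;
 }
-explicit_bzero(dgst_raw, dgst_raw_len);
-free(dgst_raw);
+freezero(dgst_raw, dgst_raw_len);
 return retval;
 }
 
@@ -4054,18 +4050,12 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob,
 sshbuf_free(encrypted);
 cipher_free(ciphercontext);
 explicit_bzero(salt, sizeof(salt));
-if (key != NULL) {
-explicit_bzero(key, keylen + ivlen);
-free(key);
-}
-if (pubkeyblob != NULL) {
-explicit_bzero(pubkeyblob, pubkeylen);
-free(pubkeyblob);
-}
-if (b64 != NULL) {
-explicit_bzero(b64, strlen(b64));
-free(b64);
-}
+if (key != NULL)
+freezero(key, keylen + ivlen);
+if (pubkeyblob != NULL)
+freezero(pubkeyblob, pubkeylen);
+if (b64 != NULL)
+freezero(b64, strlen(b64));
 return r;
 }
 
@@ -4273,14 +4263,10 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
 free(ciphername);
 free(kdfname);
 free(comment);
-if (salt != NULL) {
-explicit_bzero(salt, slen);
-free(salt);
-}
-if (key != NULL) {
-explicit_bzero(key, keylen + ivlen);
-free(key);
-}
+if (salt != NULL)
+freezero(salt, slen);
+if (key != NULL)
+freezero(key, keylen + ivlen);
 sshbuf_free(encoded);
 sshbuf_free(decoded);
 sshbuf_free(kdf);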
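Review bot: The `if (b64 != NULL)` guard kept in sshkey_private_to_blob2 is needed for correctness, not only to quiet a warning, because `strlen(b64)` is evaluated before freezero() gets the chance to do its own NULL check. The commit message describes the retained NULL tests as warning avoidance, so this one is at risk of being dropped in a later cleanup; a short comment above it such as `/* strlen() needs a non-NULL b64; freezero()'s own NULL check comes too late */` would record the difference. For `key`, `pubkeyblob` and, in sshkey_parse_private2, `salt`, the guards keep a possibly unset length from being read, which matches the commit message. Both functions begin outside the hunks, so where the lengths are assigned is not visible here.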
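--- a/umac.c
+++ b/umac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.18 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: umac.c,v 1.19 2020/02/26 13:40:09 jsg Exp $ */
 /* -----------------------------------------------------------------------
 *
 * umac.c -- C Implementation UMAC Message Authentication
@@ -1205,8 +1205,7 @@ int umac_delete(struct umac_ctx *ctx)
 if (ctx) {
 if (ALLOC_BOUNDARY)
 ctx = (struct umac_ctx *)ctx->free_ptr;
-explicit_bzero(ctx, sizeof(*ctx) + ALLOC_BOUNDARY);
-free(ctx);
+freezero(ctx, sizeof(*ctx) + ALLOC_BOUNDARY);
 }
 return (1);
 }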